Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/exult-1.6/msvc9/exconfig/exconfig.cpp:197:20: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
  Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  if (network) std::strncat(p, "\\\\", MAX_STRLEN);
data/exult-1.6/msvc9/exconfig/exconfig.cpp:199:12: [5] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. else std::strncat(p, "\\", MAX_STRLEN); data/exult-1.6/msvc9/exconfig/exconfig.cpp:203:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. std::strncat(p, d->name, MAX_STRLEN); data/exult-1.6/msvc9/exconfig/exconfig.cpp:205:15: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. if (d) std::strncat(p, "\\", MAX_STRLEN); data/exult-1.6/msvc9/exconfig/exconfig.cpp:255:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. std::strncat(lpszValue, "\n", MAX_STRLEN); data/exult-1.6/msvc9/exconfig/exconfig.cpp:256:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left. 
  std::strncat(lpszValue, p, MAX_STRLEN);
data/exult-1.6/msvc9/exconfig/exconfig.cpp:261:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  std::strncat(lpszValue, "\n", MAX_STRLEN);
data/exult-1.6/msvc9/exconfig/exconfig.cpp:262:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  std::strncat(lpszValue, si_pathdef, MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:197:20: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  if (network) std::strncat(p, "\\\\", MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:199:12: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  else std::strncat(p, "\\", MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:203:8: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  std::strncat(p, d->name, MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:205:15: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  if (d) std::strncat(p, "\\", MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:255:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  std::strncat(lpszValue, "\n", MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:256:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  std::strncat(lpszValue, p, MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:261:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  std::strncat(lpszValue, "\n", MAX_STRLEN);
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:262:9: [5] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120).
Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is high; the length parameter appears to be a constant, instead of computing the number of characters left.
  std::strncat(lpszValue, si_pathdef, MAX_STRLEN);
data/exult-1.6/audio/Midi.cc:56:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/audio/midi_drivers/forked_player.cc:42:2: [4] (shell) execlp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execlp("playmidi","playmidi","-v","-v","-e",name,static_cast<char *>(0));
data/exult-1.6/audio/midi_drivers/mt32emu/Structures.h:168:25: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  } MT32EMU_ALIGN_PACKED system;
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:231:2: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(fmt, list);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:640:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  mt32ram.system.masterTune = 0x4A; // Confirmed on CM-64
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:641:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  mt32ram.system.reverbMode = 0; // Confirmed
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:642:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  mt32ram.system.reverbTime = 5; // Confirmed
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:643:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  mt32ram.system.reverbLevel = 3; // Confirmed
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:644:17: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  memcpy(mt32ram.system.reserveSettings, &controlROMData[controlROMMap->reserveSettings], 9); // Confirmed
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:650:11: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  mt32ram.system.chanAssign[i] = i + 1;
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:652:10: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  mt32ram.system.masterVol = 100; // Confirmed
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1197:87: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  systemMemoryRegion = new SystemMemoryRegion(this, reinterpret_cast<Bit8u *>(&mt32ram.system), &controlROMData[controlROMMap->systemMaxTable]);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1495:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  float masterTune = 440.0f * EXP2F((mt32ram.system.masterTune - 64.0f) / (128.0f * 12.0f));
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1502:60: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  printDebug(" Reverb: mode=%d, time=%d, level=%d", mt32ram.system.reverbMode, mt32ram.system.reverbTime, mt32ram.system.reverbLevel);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1502:87: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  printDebug(" Reverb: mode=%d, time=%d, level=%d", mt32ram.system.reverbMode, mt32ram.system.reverbTime, mt32ram.system.reverbLevel);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1502:114: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  printDebug(" Reverb: mode=%d, time=%d, level=%d", mt32ram.system.reverbMode, mt32ram.system.reverbTime, mt32ram.system.reverbLevel);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1510:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  reportHandler->onNewReverbMode(mt32ram.system.reverbMode);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1511:41: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  reportHandler->onNewReverbTime(mt32ram.system.reverbTime);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1512:42: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  reportHandler->onNewReverbLevel(mt32ram.system.reverbLevel);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1515:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (mt32ram.system.reverbTime == 0 && mt32ram.system.reverbLevel == 0) {
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1515:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (mt32ram.system.reverbTime == 0 && mt32ram.system.reverbLevel == 0) {
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1520:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  reverbModel = reverbModels[mt32ram.system.reverbMode];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1537:38: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  reverbModel->setParameters(mt32ram.system.reverbTime, mt32ram.system.reverbLevel);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1537:65: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  reverbModel->setParameters(mt32ram.system.reverbTime, mt32ram.system.reverbLevel);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1542:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Bit8u *rset = mt32ram.system.reserveSettings;
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1559:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Bit8u chan = mt32ram.system.chanAssign[i];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1566:24: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  Bit8u *rset = mt32ram.system.chanAssign;
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1573:43: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  printDebug(" Master volume: %d", mt32ram.system.masterVol);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.h:31:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ATTR_PRINTF(x,y) __attribute__((format(printf, (x), (y))))
data/exult-1.6/audio/midi_drivers/mt32emu/TVA.cpp:38:44: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78).
try using a library call that implements the same functionality if available.
  partial(usePartial), ampRamp(useAmpRamp), system(&usePartial->getSynth()->mt32ram.system), phase(TVA_PHASE_DEAD) {
data/exult-1.6/audio/midi_drivers/mt32emu/TVA.cpp:38:84: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  partial(usePartial), ampRamp(useAmpRamp), system(&usePartial->getSynth()->mt32ram.system), phase(TVA_PHASE_DEAD) {
data/exult-1.6/audio/midi_drivers/mt32emu/TVA.cpp:102:96: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  static int calcBasicAmp(const Tables *tables, const Partial *partial, const MemParams::System *system, const TimbreParam::PartialParam *partialParam, const MemParams::PatchTemp *patchTemp, const MemParams::RhythmTemp *rhythmTemp, int biasAmpSubtraction, int veloAmpSubtraction, Bit8u expression) {
data/exult-1.6/audio/midi_drivers/mt32emu/TVA.cpp:172:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int newTarget = calcBasicAmp(tables, partial, system, partialParam, patchTemp, newRhythmTemp, biasAmpSubtraction, veloAmpSubtraction, part->getExpression());
data/exult-1.6/audio/midi_drivers/mt32emu/TVA.cpp:224:48: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int newTarget = calcBasicAmp(tables, partial, system, partialParam, patchTemp, rhythmTemp, biasAmpSubtraction, veloAmpSubtraction, part->getExpression());
data/exult-1.6/audio/midi_drivers/mt32emu/TVA.cpp:286:45: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  newTarget = calcBasicAmp(tables, partial, system, partialParam, patchTemp, rhythmTemp, biasAmpSubtraction, veloAmpSubtraction, part->getExpression());
data/exult-1.6/audio/midi_drivers/mt32emu/TVA.h:66:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const MemParams::System * const system;
data/exult-1.6/audio/midi_drivers/mt32emu/TVP.cpp:55:23: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  partial(usePartial), system(&usePartial->getSynth()->mt32ram.system) {
data/exult-1.6/audio/midi_drivers/mt32emu/TVP.cpp:55:63: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  partial(usePartial), system(&usePartial->getSynth()->mt32ram.system) {
data/exult-1.6/audio/midi_drivers/mt32emu/TVP.h:33:34: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  const MemParams::System * const system; // FIXME: Only necessary because masterTune calculation is done in the wrong place atm.
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:213:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy((bank->tone[i].name=safe_Malloc<char>(strlen(w[1])+1)),w[1]);
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:115:4: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(tmp, *(dec+1), tmp2);
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:116:11: [4] (shell) popen: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  return popen(tmp, "r");
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:167:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(current_filename, plp->path);
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:173:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(current_filename, PATH_STRING);
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:175:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(current_filename, name);
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:251:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path,s);
data/exult-1.6/audio/midi_drivers/timidity/timidity_controls.h:73:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134).
Use a constant for the format specification.
  #define ATTR_PRINTF(x,y) __attribute__((format(printf, (x), (y))))
data/exult-1.6/audio/midi_drivers/timidity/timidity_instrum.cpp:211:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, name);
data/exult-1.6/audio/midi_drivers/timidity/timidity_instrum.cpp:212:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(path, patch_ext[i]);
data/exult-1.6/audio/midi_drivers/timidity/timidity_sdl_c.cpp:46:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ATTR_PRINTF(x,y) __attribute__((format(printf, (x), (y))))
data/exult-1.6/audio/midi_drivers/timidity/timidity_sdl_c.cpp:111:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(timidity_error, fmt, ap);
data/exult-1.6/browser.cc:35:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int snprintf(char *, size_t, const char *, /*args*/ ...);
data/exult-1.6/browser.cc:37:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  using ::snprintf;
data/exult-1.6/cheat.cc:65:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/cheat.cc:66:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  using std::strcat;
data/exult-1.6/cheat.cc:196:14: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int ret = system(cmnd.c_str());
data/exult-1.6/files/listfiles.cc:69:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(stripped_path, path.c_str());
data/exult-1.6/files/listfiles.cc:89:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, stripped_path);
data/exult-1.6/files/listfiles.cc:93:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  std::strcat(filename, fileinfo.cFileName);
data/exult-1.6/files/snprintf.cc:394:27: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define portable_snprintf snprintf
data/exult-1.6/files/snprintf.cc:396:28: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define portable_vsnprintf vsnprintf
data/exult-1.6/files/snprintf.cc:917:40: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  if (fmt_spec == 'p') str_arg_l += sprintf(tmp + str_arg_l, f, ptr_arg);
data/exult-1.6/files/snprintf.cc:922:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str_arg_l += sprintf(tmp + str_arg_l, f, int_arg);
data/exult-1.6/files/snprintf.cc:925:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str_arg_l += sprintf(tmp + str_arg_l, f, long_arg);
data/exult-1.6/files/snprintf.cc:929:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str_arg_l += sprintf(tmp + str_arg_l, f, long_long_arg);
data/exult-1.6/files/snprintf.cc:937:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str_arg_l += sprintf(tmp + str_arg_l, f, uint_arg);
data/exult-1.6/files/snprintf.cc:940:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str_arg_l += sprintf(tmp + str_arg_l, f, ulong_arg);
data/exult-1.6/files/snprintf.cc:944:21: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  str_arg_l += sprintf(tmp + str_arg_l, f, ulong_long_arg);
data/exult-1.6/files/utils.cc:875:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  std::strcpy(ret, s);
data/exult-1.6/files/utils.cc:891:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(to, from); // Default map.
data/exult-1.6/files/utils.cc:897:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(to + len, MULTIMAP_DIR);
data/exult-1.6/files/utils.cc:902:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(to + len + 2, sep);
data/exult-1.6/files/utils.h:38:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ATTR_PRINTF(x,y) __attribute__((format(printf, (x), (y))))
data/exult-1.6/files/utils.h:45:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int snprintf(char *, size_t, const char *, /*args*/ ...) ATTR_PRINTF(3,4);
data/exult-1.6/game.cc:55:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/game.cc:426:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(av_name, name);
data/exult-1.6/gamedat.cc:77:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/gamedat.cc:115:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fname, basepath);
data/exult-1.6/gamedat.cc:250:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(fname, 50, SAVENAME, num,
data/exult-1.6/gamedat.cc:448:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(fname, 50, SAVENAME, num,
data/exult-1.6/gamedat.cc:465:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(fname, 50, SAVENAME, static_cast<int>(i),
data/exult-1.6/gamedat.cc:654:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(fname, 50, SAVENAME, num,
data/exult-1.6/gamedat.cc:673:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, buf);
data/exult-1.6/gamedat.cc:698:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fname, GAMEDAT);
data/exult-1.6/gamedat.cc:778:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, namebuf);
data/exult-1.6/gamedat.cc:831:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(oname, dirname);
data/exult-1.6/gamedat.cc:944:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(oname, GAMEDAT);
data/exult-1.6/gamerend.cc:29:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int snprintf(char *, size_t, const char *, /*args*/ ...);
data/exult-1.6/gamerend.cc:31:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  using ::snprintf;
data/exult-1.6/gamewin.cc:578:2: [4] (format) vsprintf: Potential format string problem (CWE-134). Make format string constant.
  vsprintf(buf, msg, ap); // Format the message.
data/exult-1.6/gamewin.h:49:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ATTR_PRINTF(x,y) __attribute__((format(printf, (x), (y))))
data/exult-1.6/gumps/Newfile_gump.cc:54:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/gumps/Newfile_gump.cc:55:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  using std::strcat;
data/exult-1.6/gumps/Newfile_gump.cc:484:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(info, sizeof(info), infostring, party[0].name,
data/exult-1.6/gumps/Newfile_gump.cc:643:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newname, games[selected].savename);
data/exult-1.6/gumps/Newfile_gump.cc:902:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(text, newname);
data/exult-1.6/gumps/Newfile_gump.cc:905:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(text, newname + cursor);
data/exult-1.6/gumps/Newfile_gump.cc:912:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newname, text);
data/exult-1.6/gumps/Newfile_gump.cc:985:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(mask, 256, SAVENAME2, GAME_BG ? "bg" : GAME_SI ? "si" : "dev");
data/exult-1.6/gumps/Newfile_gump.cc:996:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(games[i].filename, filenames[i].c_str());
data/exult-1.6/gumps/Text_gump.cc:29:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/gumps/Text_gump.cc:43:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newtext, text);
data/exult-1.6/gumps/Text_gump.cc:48:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newtext + textlen, str); // Append new.
data/exult-1.6/imagewin/imagewin.cc:1345:4: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(factor_str, 15, (factor & 1) ? " x%d.5" : " x%d", factor / 2);
data/exult-1.6/keys.cc:586:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(returned_key, iter->c_str());
data/exult-1.6/mapedit/execbox.cc:195:3: [4] (shell) execvp: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(file, const_cast<char **>(argv)); // Become the new command.
data/exult-1.6/mapedit/maps.cc:159:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pname, "%s%02x", PATCH_U7IFIX, schunk);
data/exult-1.6/mapedit/maps.cc:160:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sname, "%s%02x", U7IFIX, schunk);
data/exult-1.6/mapedit/npcedit.cc:830:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(lname, numptr); // Same number as button.
data/exult-1.6/mapedit/shapegroup.cc:376:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(reinterpret_cast<char *>(buf), nm);
data/exult-1.6/mapedit/shapelst.cc:889:12: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  int ret = system(cmd.c_str());
data/exult-1.6/mapedit/shapelst.cc:1235:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullname, "%s%02d.png", fname, i);
data/exult-1.6/mapedit/shapelst.cc:1280:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullname, "%s%02d.png", fname, 0);
data/exult-1.6/mapedit/shapelst.cc:1317:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullname, "%s%02d.png", fname, i);
data/exult-1.6/mapedit/studio.cc:592:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, xmldir);
data/exult-1.6/mapedit/studio.cc:594:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(path, EXULT_DATADIR);
data/exult-1.6/mapedit/studio.cc:2626:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(addr.sun_path, get_system_path(EXULT_SERVER).c_str());
data/exult-1.6/mapedit/studio.h:44:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ATTR_PRINTF(x,y) __attribute__((format(printf, (x), (y))))
data/exult-1.6/mapedit/tools/mockup/main.c:111:4: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  fscanf(f, "%s %u", cmd, &j);
data/exult-1.6/mapedit/tools/smooth/config.c:86:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pluginname, "libsmooth_%s.dll", line);
data/exult-1.6/mapedit/tools/smooth/config.c:88:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(pluginname, "libsmooth_%s.so", line);
data/exult-1.6/msvc9/msvc_kludges.h:117:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  using ::printf;
data/exult-1.6/msvc9/msvc_kludges.h:160:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/exult-1.6/msvc9/msvc_kludges.h:160:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/exult-1.6/msvcstuff/msvc_kludges.h:126:9: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  using ::printf;
data/exult-1.6/msvcstuff/msvc_kludges.h:168:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/exult-1.6/msvcstuff/msvc_kludges.h:168:18: [4] (format) _snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf
data/exult-1.6/objs/objnames.cc:35:48: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define ATTR_PRINTF(x,y) __attribute__((format(printf, (x), (y))))
data/exult-1.6/objs/objnames.cc:43:12: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  extern int snprintf(char *, size_t, const char *, /*args*/ ...) ATTR_PRINTF(3,4);
data/exult-1.6/objs/objnames.cc:45:9: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  using ::snprintf;
data/exult-1.6/server/server.cc:155:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(addr.sun_path, servename.c_str());
data/exult-1.6/server/server.cc:423:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(reinterpret_cast<char *>(wptr), nm.c_str());
data/exult-1.6/server/servewin32.cc:65:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, path);
data/exult-1.6/tools/ipack.cc:56:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/tools/ipack.cc:57:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  using std::strcat;
data/exult-1.6/tools/ipack.cc:112:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(shapename, "%s%04d_", basename, i);
data/exult-1.6/tools/ipack.cc:313:7: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  if (sscanf(ptr, "%[^(](%d %s)", &fname[0], &dim0_cnt, &dir[0])
data/exult-1.6/tools/ipack.cc:413:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(txtpal, palname);
data/exult-1.6/tools/ipack.cc:450:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullname, "%s%02d.png", basename, frnum);
data/exult-1.6/tools/ipack.cc:678:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fullname, "%s%02d.png", basename, frnum);
data/exult-1.6/tools/rip.cc:36:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, s);
data/exult-1.6/tools/rip.cc:117:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename, s);
data/exult-1.6/tools/shp2pcx.cc:440:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(outfilename, "%s%02i.pcx", outprefix, i);
data/exult-1.6/tools/splitshp.cc:38:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/tools/splitshp.cc:111:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(fn + dotpos + 4, shapefilename + dotpos);
data/exult-1.6/tools/wuc.cc:88:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(labels[lindex], token);
data/exult-1.6/tools/wuc.cc:207:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(curlabel, token);
data/exult-1.6/usecode/bgintrinsics.h:194:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  USECODE_INTRINSIC_PTR(printf), // 0xaa
data/exult-1.6/usecode/compiler/ucclass.cc:185:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Duplicate decl. of virtual member function '%s'.", m->get_name());
data/exult-1.6/usecode/compiler/ucexpr.cc:108:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Can't use value of '%s'", var->get_name());
data/exult-1.6/usecode/compiler/ucexpr.cc:122:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Can't assign to '%s'", var->get_name());
data/exult-1.6/usecode/compiler/ucexpr.cc:138:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "'%s' must be 'shape#' or 'object#'",
data/exult-1.6/usecode/compiler/ucexpr.cc:493:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucexpr.cc:721:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Return of intrinsic '%s' is not fun. ID", fun->get_name());
data/exult-1.6/usecode/compiler/ucexpr.cc:745:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucexpr.cc:764:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucexpr.cc:807:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "'%s' isn't a function or intrinsic",
data/exult-1.6/usecode/compiler/ucexpr.cc:819:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Can't assign to '%s'", var->get_name());
data/exult-1.6/usecode/compiler/ucexpr.cc:837:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Can't assign to '%s'", var->get_name());
data/exult-1.6/usecode/compiler/ucexpr.cc:855:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%d argument%s missing in constructor of class '%s'",
data/exult-1.6/usecode/compiler/ucexpr.cc:860:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Too many arguments in constructor of class '%s'",
data/exult-1.6/usecode/compiler/ucfun.cc:78:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Name '%s' already defined", nm);
data/exult-1.6/usecode/compiler/ucfun.cc:423:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Prefix '%s' matches no string in this function",
data/exult-1.6/usecode/compiler/ucfun.cc:434:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Prefix '%s' matches more than one string", text);
data/exult-1.6/usecode/compiler/ucloc.cc:34:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/usecode/compiler/ucloc.cc:64:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(cur_source, s);
data/exult-1.6/usecode/compiler/ucmain.cc:43:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/usecode/compiler/ucstmt.cc:437:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "_%s_index", array->get_name());
data/exult-1.6/usecode/compiler/ucstmt.cc:441:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "_%s_size", array->get_name());
data/exult-1.6/usecode/compiler/ucsym.cc:138:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Var '%s' contains fun. not declared as 'shape#' or 'object#'",
data/exult-1.6/usecode/compiler/ucsym.cc:143:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Var '%s' contains a negative number", name.c_str());
data/exult-1.6/usecode/compiler/ucsym.cc:222:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "Symbol '%s' already declared", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:252:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Class name '%s' already exists.", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:416:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Treating function '%s' as being a 'shape#()' function.", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:423:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Treating function '%s' as being an 'object#()' function.", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:467:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Duplicate declaration of function '%s'.", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:482:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Duplicate declaration of function '%s'.", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:489:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucsym.cc:514:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucsym.cc:551:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucsym.cc:558:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucsym.cc:579:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucsym.cc:692:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "'%s' already declared", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:696:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Decl. of virtual member function '%s' doesn't match decl. from base class", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:698:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Decl. of '%s' doesn't match previous decl", nm);
data/exult-1.6/usecode/compiler/ucsym.cc:706:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Decl. of '%s' has different usecode #.",
data/exult-1.6/usecode/compiler/ucsym.cc:726:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(msg, "Symbol '%s' already declared", nm);
data/exult-1.6/usecode/conversation.cc:35:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/usecode/conversation.cc:461:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(&text[1], choices[i]);
data/exult-1.6/usecode/conversation.cc:493:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(result[i], answers[i].c_str());
data/exult-1.6/usecode/intrinsics.cc:3317:19: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  USECODE_INTRINSIC(printf) {
data/exult-1.6/usecode/sibetaintrinsics.h:223:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  USECODE_INTRINSIC_PTR(printf), // 0xc6 (Exult)
data/exult-1.6/usecode/siintrinsics.h:225:24: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  USECODE_INTRINSIC_PTR(printf), // 0xc7 (Exult)
data/exult-1.6/usecode/ucinternal.cc:98:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  using std::strcat;
data/exult-1.6/usecode/ucinternal.cc:101:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  using std::strcpy;
data/exult-1.6/usecode/ucinternal.cc:452:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(newstr, String);
data/exult-1.6/usecode/ucinternal.cc:454:12: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  String = strcat(newstr, str);
data/exult-1.6/usecode/ucinternal.cc:456:12: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  String = strcpy(newstr, str);
data/exult-1.6/usecode/ucinternal.h:387:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  USECODE_INTRINSIC_DECL(printf);
data/exult-1.6/usecode/ucxt/include/ucfunc.h:63:47: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  const unsigned int flag, const bool access)
data/exult-1.6/usecode/ucxt/include/ucfunc.h:64:56: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  : _func(func), _offset(offset), _flag(flag), _access(access) {}
data/exult-1.6/usecode/ucxt/include/ucfunc.h:75:15: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  bool access() const {
data/exult-1.6/usecode/ucxt/src/ucdata.cc:256:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!).
Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (flags[i].access() == FlagData::GETFLAG)
data/exult-1.6/usecode/ucxt/src/ucdata.cc:258:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  else if (flags[i].access() == FlagData::SETFLAG)
data/exult-1.6/usecode/ucxt/src/ucdata.cc:279:17: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  if (flags[i].access() == FlagData::GETFLAG)
data/exult-1.6/usecode/ucxt/src/ucdata.cc:281:22: [4] (race) access: This usually indicates a security flaw. If an attacker can change anything along the path between the call to access() and the file's actual use (e.g., by moving files), the attacker can exploit the race condition (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid()) and try to open the file directly.
  else if (flags[i].access() == FlagData::SETFLAG)
data/exult-1.6/cheat.cc:206:14: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  int ret = CreateProcess(NULL, const_cast<char*>(cmnd.c_str()), NULL, NULL,
data/exult-1.6/cheat.cc:206:14: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78).
Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  int ret = CreateProcess(NULL, const_cast<char*>(cmnd.c_str()), NULL, NULL,
data/exult-1.6/combat.cc:529:14: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  case Actor::random:
data/exult-1.6/exult.cc:528:17: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  HMODULE hLib = LoadLibrary(TEXT("DDRAW.DLL"));
data/exult-1.6/files/utils.cc:530:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  hLib = LoadLibrary("shell32.dll");
data/exult-1.6/files/utils.cc:663:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  if ((home = getenv("HOME")) != 0)
data/exult-1.6/gamewin.cc:107:12: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  using std::srand;
data/exult-1.6/gamewin.cc:627:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(timer); // Use time to seed rand. generator.
data/exult-1.6/mapedit/shapelst.cc:900:12: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  int ret = CreateProcess(NULL, const_cast<char *>(cmd.c_str()),
data/exult-1.6/mapedit/shapelst.cc:900:12: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  int ret = CreateProcess(NULL, const_cast<char *>(cmd.c_str()),
data/exult-1.6/mapedit/studio.cc:546:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((optchr = getopt(argc, argv, optstring)) != -1)
data/exult-1.6/mapedit/tools/smooth/plugin.c:51:10: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already.
  a_hdl = LoadLibrary(plug_name);
data/exult-1.6/mapedit/tools/smooth/plugins/plugin_randomize.c:90:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(timer * rand());
data/exult-1.6/monsters.cc:247:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  {nearest, random, flee, nearest}, // noncombatants
data/exult-1.6/monsters.cc:249:13: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  {nearest, random, nearest, nearest}, // unpredictable
data/exult-1.6/msvc9/exconfig/exconfig.cpp:349:3: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  CreateProcess(NULL, lpszValue, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL,
data/exult-1.6/msvc9/exconfig/exconfig.cpp:349:3: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  CreateProcess(NULL, lpszValue, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL,
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:349:3: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
  CreateProcess(NULL, lpszValue, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL,
data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:349:3: [3] (shell) CreateProcess: This causes a new process to execute and is difficult to use safely (CWE-78). Specify the application path in the first argument, NOT as part of the second, or embedded spaces could allow an attacker to force a different program to run.
CreateProcess(NULL, lpszValue, NULL, NULL, FALSE, NORMAL_PRIORITY_CLASS, NULL, data/exult-1.6/shapes/fontgen.cc:304:39: [3] (misc) LoadLibrary: Ensure that the full path to the library is specified, or current directory may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to find library path, if you aren't already. GetProcAddress(LoadLibrary("GDI32"), "AddFontResourceExA"); data/exult-1.6/shapes/shapeinf/sfxinf.h:40:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. bool random; // sfx in range are to be randomly chosen. data/exult-1.6/shapes/shapeinf/sfxinf.h:63:11: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return !random; data/exult-1.6/shapes/shapeinf/sfxinf.h:66:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return random; data/exult-1.6/shapes/shapeinf/sfxinf.h:69:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random != f) { data/exult-1.6/shapes/shapeinf/sfxinf.h:109:8: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random) data/exult-1.6/shapes/shapewrite.cc:558:16: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
WriteInt(out, random, extra < 0); data/exult-1.6/usecode/compiler/ucmain.cc:70:19: [3] (buffer) getopt: Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs. while ((optchr = getopt(argc, argv, optstring)) != -1) data/exult-1.6/usecode/compiler/ucmain.cc:82:14: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *env = getenv("UCC_INCLUDE"); data/exult-1.6/usecode/ucxt/src/ucdata.cc:295:9: [3] (random) setstate: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. _file.setstate(_file.failbit); data/exult-1.6/actions.cc:382:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[2]; data/exult-1.6/actions.cc:727:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(frames, f, cnt); data/exult-1.6/actorio.cc:406:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char namebuf[17]; data/exult-1.6/actorio.cc:506:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf4[4]; // Write coords., shape, frame. data/exult-1.6/actorio.cc:694:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[17]; // Write 16-byte name. data/exult-1.6/actors.cc:88:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. using std::memcpy; data/exult-1.6/actors.cc:4019:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char hpmsg[50]; data/exult-1.6/actors.cc:4020:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(hpmsg, "-%d(%d)", delta, oldhp - delta); data/exult-1.6/actors.cc:5196:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[21]; // 13-byte entry - Exult extension. data/exult-1.6/actors.cc:5228:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frames, f, cnt); // Copy in the list. 
data/exult-1.6/audio/Audio.cc:61:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. using std::memcpy; data/exult-1.6/audio/Audio.cc:456:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(new_sound_data, sound_data, len); data/exult-1.6/audio/Midi.cc:805:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputstr[255]; data/exult-1.6/audio/Midi.cc:831:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputstr[255]; data/exult-1.6/audio/Midi.cc:839:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char outputstr[255]; data/exult-1.6/audio/RawAudioSample.cc:72:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(samples, buffer+decomp->pos, count); data/exult-1.6/audio/VocAudioSample.cc:321:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
std::memcpy(samples, buffer+decomp->pos, num_samples); data/exult-1.6/audio/VocAudioSample.cc:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[19]; data/exult-1.6/audio/WavAudioSample.cc:38:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/exult-1.6/audio/WavAudioSample.cc:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[4]; data/exult-1.6/audio/midi_drivers/ALSAMidiDriver.cpp:57:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int ALSAMidiDriver::open() { data/exult-1.6/audio/midi_drivers/ALSAMidiDriver.cpp:173:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[1024]; data/exult-1.6/audio/midi_drivers/ALSAMidiDriver.cpp:181:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf + 1, msg, length); data/exult-1.6/audio/midi_drivers/ALSAMidiDriver.cpp:194:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *client = atoi(arg); data/exult-1.6/audio/midi_drivers/ALSAMidiDriver.cpp:195:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). *port = atoi(p + 1); data/exult-1.6/audio/midi_drivers/ALSAMidiDriver.h:40:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/CoreAudioMidiDriver.cpp:88:26: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int CoreAudioMidiDriver::open() { data/exult-1.6/audio/midi_drivers/CoreAudioMidiDriver.cpp:226:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(buf + 1, msg, length); data/exult-1.6/audio/midi_drivers/CoreAudioMidiDriver.h:50:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/CoreMidiDriver.cpp:45:21: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int CoreMidiDriver::open() { data/exult-1.6/audio/midi_drivers/CoreMidiDriver.cpp:75:13: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). deviceId = atoi(deviceIdStr.c_str()); data/exult-1.6/audio/midi_drivers/CoreMidiDriver.cpp:169:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(packet->data + 1, msg, length); data/exult-1.6/audio/midi_drivers/CoreMidiDriver.h:49:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:216:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? 
(CWE-362). int FMOplMidiDriver::open() data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:950:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char reserved[7]; // 40-46: reserved data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.h:42:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.h:54:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char midi_fm_instruments_table[128][11]; data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.h:57:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char adlib_opadd[9]; data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.h:64:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char ins[12]; data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.h:75:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char insbank[128][12]; data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.h:90:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char adlib_data[256]; data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.h:94:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char myinsbank[128][12]; data/exult-1.6/audio/midi_drivers/FileMidiDriver.cpp:60:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int ret = open(); data/exult-1.6/audio/midi_drivers/FileMidiDriver.h:55:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
virtual int open()=0; data/exult-1.6/audio/midi_drivers/FluidSynthMidiDriver.cpp:67:27: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int FluidSynthMidiDriver::open() { data/exult-1.6/audio/midi_drivers/FluidSynthMidiDriver.h:48:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/KMIDI.cc:51:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(s.c_str()); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:515:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int code = open(); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:618:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int ret = open(); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1467:10: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
std::memcpy(mt32_timbre_banks[2][start]->timbre,msg,246); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1490:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(mt32_patch_banks[0][patch],msg,8); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1522:11: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(mt32_rhythm_bank[temp],msg,4); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1559:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sysex_buffer[512]; data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1575:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy (sysex_buffer+sysex_data_start, data, len); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1782:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[11] = {0}; data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1783:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
std::memcpy (name,mt32_timbre_banks[bank][patch]->timbre,10); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1815:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[11] = {0}; data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.h:80:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open()=0; data/exult-1.6/audio/midi_drivers/MT32EmuMidiDriver.cpp:66:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(get_system_path(basedir).c_str())) data/exult-1.6/audio/midi_drivers/MT32EmuMidiDriver.cpp:72:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (file.open(get_system_path(basedir).c_str())) data/exult-1.6/audio/midi_drivers/MT32EmuMidiDriver.cpp:78:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if (file.open(get_system_path(basedir).c_str())) data/exult-1.6/audio/midi_drivers/MT32EmuMidiDriver.cpp:94:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int MT32EmuMidiDriver::open() { data/exult-1.6/audio/midi_drivers/MT32EmuMidiDriver.cpp:138:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!mt32->open(*controlROMImage, *pcmROMImage)) { data/exult-1.6/audio/midi_drivers/MT32EmuMidiDriver.h:45:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/TimidityMidiDriver.cpp:41:25: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int TimidityMidiDriver::open() data/exult-1.6/audio/midi_drivers/TimidityMidiDriver.h:43:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
virtual int open(); data/exult-1.6/audio/midi_drivers/UnixSeqMidiDriver.cpp:46:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int UnixSeqMidiDriver::open() data/exult-1.6/audio/midi_drivers/UnixSeqMidiDriver.cpp:54:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). device = ::open(devname.c_str(), O_RDWR, 0); data/exult-1.6/audio/midi_drivers/UnixSeqMidiDriver.cpp:71:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[256]; data/exult-1.6/audio/midi_drivers/UnixSeqMidiDriver.cpp:123:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf [2048]; data/exult-1.6/audio/midi_drivers/UnixSeqMidiDriver.h:40:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/WindowsMidiDriver.cpp:55:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/exult-1.6/audio/midi_drivers/WindowsMidiDriver.cpp:63:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int WindowsMidiDriver::open() data/exult-1.6/audio/midi_drivers/WindowsMidiDriver.cpp:209:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(_streamBuffer+1, msg, length); data/exult-1.6/audio/midi_drivers/WindowsMidiDriver.h:65:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). virtual int open(); data/exult-1.6/audio/midi_drivers/XMidiEvent.h:76:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[2]; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:37:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). using std::atoi; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:39:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
using std::memcpy; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:442:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserveSettings[9]; // PARTIAL RESERVE (PART 1) 0-32 data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:443:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chanAssign[9]; // MIDI CHANNEL (PART1) 0-16 (1-16,OFF) data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:447:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char system_init_reverb[3] = { 0,3,2 }; // reverb mode = 0, time = 3, level = 2 data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:448:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char system_part_chans[9] = { 1,2,3,4,5,6,7,8,9 }; // default (0-based) chans for each part data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:449:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char system_part_rsv[9] = { 3,4,3,4,3,4,3,4,4 }; // # of reserved AIL partials/channel data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:832:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char tempo_buf[5] = { 0x51, 0x03, 0x07, 0xA1, 0x20 }; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1108:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. if (data) std::memcpy (sysex_buffer+sysex_data_start, data, len); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1225:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1264:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char tempo_buf[5] = { 0x51, 0x03, 0x07, 0xA1, 0x20 }; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1290:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[32]; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1359:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[32]; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1375:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). reverb_value = atoi(s.c_str()); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1386:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). chorus_value = atoi(s.c_str()); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1724:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char tempo_buf[5] = { 0x51, 0x03, 0x07, 0xA1, 0x20 }; data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1783:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  static const unsigned char tempo_buf[5] = { 0x51, 0x03, 0x07, 0xA1, 0x20 };
data/exult-1.6/audio/midi_drivers/XMidiFile.h:59:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const static char mt32asgm[128];
data/exult-1.6/audio/midi_drivers/XMidiFile.h:60:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const static char mt32asgs[256];
data/exult-1.6/audio/midi_drivers/XMidiFile.h:61:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const static char gmasmt32[128];
data/exult-1.6/audio/midi_drivers/forked_player.cc:53:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int forked_player::open()
data/exult-1.6/audio/midi_drivers/forked_player.cc:115:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "/tmp/u7midi_XXXXXX");
data/exult-1.6/audio/midi_drivers/forked_player.cc:116:11: [2] (tmpfile) mkstemp: Potential for temporary file vulnerability in some circumstances. Some older Unix-like systems create temp files with permission to write by all by default, so be sure to set the umask to override this. Also, some older Unix systems might fail to use O_EXCL when opening the file, so make sure that O_EXCL is used by the library (CWE-377).
  ::close(mkstemp(name));
data/exult-1.6/audio/midi_drivers/forked_player.h:44:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual int open();
data/exult-1.6/audio/midi_drivers/mixer_midiout.cc:57:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int Mixer_MidiOut::open()
data/exult-1.6/audio/midi_drivers/mixer_midiout.h:38:16: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  virtual int open();
data/exult-1.6/audio/midi_drivers/mt32emu/BReverbModel.cpp:337:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void BReverbModel::open() {
data/exult-1.6/audio/midi_drivers/mt32emu/BReverbModel.h:110:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  void open();
data/exult-1.6/audio/midi_drivers/mt32emu/File.cpp:32:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sha1Digest, useSHA1Digest, sizeof(SHA1Digest) - 1);
data/exult-1.6/audio/midi_drivers/mt32emu/File.cpp:52:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char fileDigest[20];
data/exult-1.6/audio/midi_drivers/mt32emu/File.h:31:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef char SHA1Digest[41];
data/exult-1.6/audio/midi_drivers/mt32emu/FileStream.cpp:72:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool FileStream::open(const char *filename) {
data/exult-1.6/audio/midi_drivers/mt32emu/FileStream.cpp:74:7: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ifsp.open(filename, ios_base::in | ios_base::binary);
data/exult-1.6/audio/midi_drivers/mt32emu/FileStream.h:35:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  MT32EMU_EXPORT bool open(const char *filename);
data/exult-1.6/audio/midi_drivers/mt32emu/MidiStreamParser.cpp:140:24: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (preserveContent) memcpy(streamBuffer, oldStreamBuffer, streamBufferSize);
data/exult-1.6/audio/midi_drivers/mt32emu/MidiStreamParser.cpp:193:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[128];
data/exult-1.6/audio/midi_drivers/mt32emu/MidiStreamParser.cpp:194:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "parseShortMessageDataBytes: Invalid short message: status %02x, expected length %i, actual %i -> ignored", *streamBuffer, shortMessageLength, streamBufferSize);
data/exult-1.6/audio/midi_drivers/mt32emu/MidiStreamParser.cpp:244:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(streamBuffer, stream, sysexLength);
data/exult-1.6/audio/midi_drivers/mt32emu/Part.cpp:42:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(name, "Rhythm");
data/exult-1.6/audio/midi_drivers/mt32emu/Part.cpp:57:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "Part %d", partNum + 1);
data/exult-1.6/audio/midi_drivers/mt32emu/Part.cpp:168:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(currentInstr, timbreTemp->common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Part.cpp:187:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(currentInstr, timbreTemp->common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Part.cpp:394:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(currentInstr, timbre->common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Part.h:70:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8]; // "Part 1".."Part 8", "Rhythm"
data/exult-1.6/audio/midi_drivers/mt32emu/Part.h:71:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char currentInstr[11];
data/exult-1.6/audio/midi_drivers/mt32emu/Structures.h:49:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[10];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:381:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(controlROMData, fileData, CONTROL_ROM_SIZE);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:513:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reverbModels[i]->open();
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:522:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&newSoundGroupNames[i][0], table[i].name, sizeof(table[i].name));
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:526:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool Synth::open(const ROMImage &controlROMImage, const ROMImage &pcmROMImage, AnalogOutputMode analogOutputMode) {
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:527:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  return open(controlROMImage, pcmROMImage, DEFAULT_MAX_PARTIALS, analogOutputMode);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:530:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  bool Synth::open(const ROMImage &controlROMImage, const ROMImage &pcmROMImage, unsigned int usePartialCount, AnalogOutputMode analogOutputMode) {
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:619:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mt32ram.rhythmTemp, &controlROMData[controlROMMap->rhythmSettings], controlROMMap->rhythmSettingsCount * 4);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:644:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(mt32ram.system.reserveSettings, &controlROMData[controlROMMap->reserveSettings], 9); // Confirmed
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1185:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&paddedTimbreMaxTable[0], &controlROMData[controlROMMap->timbreMaxTable], sizeof(TimbreParam::CommonParam) + sizeof(TimbreParam::PartialParam)); // commonParam and one partialParam
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1188:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&paddedTimbreMaxTable[pos], &controlROMData[controlROMMap->timbreMaxTable + sizeof(TimbreParam::CommonParam)], sizeof(TimbreParam::PartialParam));
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1276:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timbreName[11];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1277:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(timbreName, mt32ram.timbres[absTimbreNum].timbre.common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1302:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timbreName[11];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1304:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(timbreName, mt32ram.timbres[128 + timbreNum].timbre.common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1307:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(timbreName, "[None]");
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1320:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instrumentName[11];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1321:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(instrumentName, mt32ram.timbreTemp[i].common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1337:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instrumentName[11];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1338:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(instrumentName, mt32ram.timbres[patchAbsTimbreNum].timbre.common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1353:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char instrumentName[11];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1354:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(instrumentName, timbre->common.name, 10);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1476:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[SYSEX_BUFFER_SIZE];
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1477:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&buf, &data[0], len);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1528:17: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  reverbModel->open();
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1630:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dstSysexData, useSysexData, sysexLength);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:2072:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dst, src + off, len);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.h:157:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char (*soundGroupNames)[9]; // Array
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.h:289:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  MT32EMU_EXPORT bool open(const ROMImage &controlROMImage, const ROMImage &pcmROMImage, Bit32u usePartialCount = DEFAULT_MAX_PARTIALS, AnalogOutputMode analogOutputMode = AnalogOutputMode_COARSE);
data/exult-1.6/audio/midi_drivers/mt32emu/Synth.h:292:22: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  MT32EMU_EXPORT bool open(const ROMImage &controlROMImage, const ROMImage &pcmROMImage, AnalogOutputMode analogOutputMode);
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char def_instr_name[256]="";
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:143:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i=atoi(w[1]);
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:169:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i=atoi(w[1]);
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:193:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i=atoi(w[0]);
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:231:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int k=atoi(cp);
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:244:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int k=atoi(cp);
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:265:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  k=((atoi(cp)+100) * 100) / 157;
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:380:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (ctl->open(0, 0)) {
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:476:11: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (ctl->open(0, 0)) {
data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:505:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char timidity_error[1024] = "";
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:55:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char current_filename[1024];
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:72:5: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp=fopen(name, OPEN_MODE); /* First just check that the file exists */
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:82:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024], tmp2[1024], *cp, *cp2;
data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:213:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/exult-1.6/audio/midi_drivers/timidity/timidity_controls.h:83:8: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  int (*open)(int using_stdin, int using_stdout);
data/exult-1.6/audio/midi_drivers/timidity/timidity_filter.cpp:205:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(temp,sp->data,sp->data_length);
data/exult-1.6/audio/midi_drivers/timidity/timidity_instrum.cpp:210:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char path[1024];
data/exult-1.6/audio/midi_drivers/timidity/timidity_readmidi.cpp:323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4];
data/exult-1.6/audio/midi_drivers/timidity/timidity_readmidi.cpp:555:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4];
data/exult-1.6/audio/midi_drivers/timidity/timidity_resample.cpp:694:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char note_name[12][3] =
data/exult-1.6/audio/soundtest.cc:49:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/exult-1.6/audio/u7audiotool.cc:68:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/exult-1.6/audio/u7audiotool.cc:69:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"/tmp/u7patch/patch%u",i);
data/exult-1.6/audio/u7audiotool.cc:70:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp=fopen(buf,"wb");
data/exult-1.6/audio/u7audiotool.cc:86:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/exult-1.6/audio/u7audiotool.cc:87:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"/tmp/u7mid/midi%u",i);
data/exult-1.6/audio/u7audiotool.cc:88:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp=fopen(buf,"wb");
data/exult-1.6/browser.cc:86:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255];
data/exult-1.6/browser.cc:106:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char xfrsc[256];
data/exult-1.6/cheat.cc:511:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char msg[2];
data/exult-1.6/cheat.cc:869:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg[80];
data/exult-1.6/cheat.cc:870:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(msg, "To map #%02x", newmap);
data/exult-1.6/cheat_screen.cc:219:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/exult-1.6/cheat_screen.cc:524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char input[5] = { 0, 0, 0, 0, 0 }; data/exult-1.6/cheat_screen.cc:556:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/exult-1.6/cheat_screen.cc:600:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/exult-1.6/cheat_screen.cc:662:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int npc = std::atoi(input); data/exult-1.6/cheat_screen.cc:825:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/exult-1.6/cheat_screen.cc:853:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char input[5] = { 0, 0, 0, 0, 0 }; data/exult-1.6/cheat_screen.cc:876:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int val = std::atoi(input);
data/exult-1.6/cheat_screen.cc:927:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[17];
data/exult-1.6/cheat_screen.cc:931:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:979:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = std::atoi(input);
data/exult-1.6/cheat_screen.cc:1060:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[17];
data/exult-1.6/cheat_screen.cc:1101:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:1216:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i = std::atoi(input);
data/exult-1.6/cheat_screen.cc:1407:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[17];
data/exult-1.6/cheat_screen.cc:1442:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:1591:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i = std::atoi(input);
data/exult-1.6/cheat_screen.cc:1968:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[17];
data/exult-1.6/cheat_screen.cc:2008:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:2082:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i = std::atoi(input);
data/exult-1.6/cheat_screen.cc:2241:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[17];
data/exult-1.6/cheat_screen.cc:2276:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:2320:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i = std::atoi(input);
data/exult-1.6/cheat_screen.cc:2426:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[17];
data/exult-1.6/cheat_screen.cc:2430:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:2481:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  i = std::atoi(input);
data/exult-1.6/cheat_screen.cc:2569:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char input[5];
data/exult-1.6/cheat_screen.cc:2605:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[512];
data/exult-1.6/cheat_screen.cc:2659:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int i = std::atoi(input);
data/exult-1.6/cheat_screen.cc:2660:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int npc = std::atoi(input);
data/exult-1.6/cheat_screen.h:30:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *schedules[33];
data/exult-1.6/cheat_screen.h:31:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *flag_names[64];
data/exult-1.6/cheat_screen.h:32:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const char *alignments[4];
data/exult-1.6/combat.cc:888:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  signed char frames[12]; // Get frames to show.
data/exult-1.6/conf/Configuration.cc:39:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  using std::atoi;
data/exult-1.6/conf/Configuration.cc:82:9: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ret = atoi(sub->value().c_str());
data/exult-1.6/conf/Configuration.cc:119:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[32];
data/exult-1.6/exult.cc:2205:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(fn, "rb");
data/exult-1.6/exult.cc:2230:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char text[256];
data/exult-1.6/exult.cc:2297:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[15];
data/exult-1.6/exulticon.h:14:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char header_data_cmap[256][3] = {
data/exult-1.6/files/Flex.cc:138:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char titlebuf[0x50]; // Use savename for title.
data/exult-1.6/files/Flex.h:48:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[80];
data/exult-1.6/files/IFF.cc:79:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4];
data/exult-1.6/files/IFF.cc:126:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ckid[4];
data/exult-1.6/files/IFF.h:40:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char form_magic[4];
data/exult-1.6/files/IFF.h:42:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char data_type[4];
data/exult-1.6/files/IFF.h:47:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char type[4];
data/exult-1.6/files/IFF.h:52:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[8];
data/exult-1.6/files/databuf.h:212:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(b, buf_ptr, len);
data/exult-1.6/files/databuf.h:419:8: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  std::memcpy(buf_ptr, b, len);
data/exult-1.6/files/listfiles.cc:61:2: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_ACP, 0, name, -1, lpszT2, nLen);
data/exult-1.6/files/snprintf.cc:362:30: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (nn >= breakeven_point) memcpy((d), (s), nn); \
data/exult-1.6/files/snprintf.cc:583:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[32];/* temporary buffer for simple numeric->string conversion */
data/exult-1.6/files/snprintf.cc:907:6: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char f[5];
data/exult-1.6/files/utils.cc:298:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  in.open(name.c_str(), mode); // Try to open
data/exult-1.6/files/utils.cc:342:7: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  out.open(name.c_str(), mode); // Try to open
data/exult-1.6/files/utils.cc:369:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = std::fopen(name.c_str(), mode); // Try to open
data/exult-1.6/files/utils.cc:408:2: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_ACP, 0, n, -1, lpszT, nLen);
data/exult-1.6/files/utils.cc:495:2: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_ACP, 0, n, -1, lpszT, nLen);
data/exult-1.6/files/utils.cc:602:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stdout = fopen(stdoutfile, "w");
data/exult-1.6/files/utils.cc:604:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  newfp = fopen(stdoutfile, "w");
data/exult-1.6/files/utils.cc:617:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stderr = fopen(stderrfile, "w");
data/exult-1.6/files/utils.cc:619:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  newfp = fopen(stderrfile, "w");
data/exult-1.6/files/utils.cc:677:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[MAXPATHLEN];
data/exult-1.6/files/utils.cc:713:8: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  std::strcat(dpath, "data");
data/exult-1.6/files/utils.cc:896:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(to, from, len); // Copy dir.
data/exult-1.6/files/utils.cc:917:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[128];
data/exult-1.6/files/zip/unzip.cc:324:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fin = fopen(path, "rb");
data/exult-1.6/files/zip/unzip.cc:692:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szCurrentFileName[UNZ_MAXFILENAMEINZIP + 1];
data/exult-1.6/files/zip/zip.cc:89:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[SIZEDATA_INDATABLOCK];
data/exult-1.6/files/zip/zip.cc:227:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[4];
data/exult-1.6/files/zip/zip.cc:276:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ziinit.filezip = fopen(pathname, "r+b");
data/exult-1.6/files/zip/zip.cc:280:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  ziinit.filezip = fopen(pathname, "wb");
data/exult-1.6/flic/playfli.cc:144:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char colors[3 * 256];
data/exult-1.6/game.cc:65:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char av_name[17] = "";
data/exult-1.6/game.cc:117:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/exult-1.6/game.cc:213:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[250];
data/exult-1.6/game.cc:299:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char npc_name[16];
data/exult-1.6/gamedat.cc:114:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[50]; // Set up name.
data/exult-1.6/gamedat.cc:249:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[50]; // Set up name.
data/exult-1.6/gamedat.cc:304:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[13]; // First write 13-byte name.
data/exult-1.6/gamedat.cc:330:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[13];
data/exult-1.6/gamedat.cc:353:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iname[128];
data/exult-1.6/gamedat.cc:414:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dname[128];
data/exult-1.6/gamedat.cc:447:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[50]; // Set up name.
data/exult-1.6/gamedat.cc:464:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[50]; // Set up name.
data/exult-1.6/gamedat.cc:470:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[0x50]; // It's at start of file.
data/exult-1.6/gamedat.cc:544:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[18];
data/exult-1.6/gamedat.cc:653:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[50]; // Set up name.
data/exult-1.6/gamedat.cc:669:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[0x50];
data/exult-1.6/gamedat.cc:697:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[50]; // Set up name.
data/exult-1.6/gamedat.cc:775:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[0x50];
data/exult-1.6/gamedat.cc:827:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oname[50]; // Set up name.
data/exult-1.6/gamedat.cc:829:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char size_buffer[4];
data/exult-1.6/gamedat.cc:942:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oname[50]; // Set up name.
data/exult-1.6/gamedat.cc:1066:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char oname[8]; // Set up name.
data/exult-1.6/gamedat.cc:1068:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(oname, "GAMEDAT");
data/exult-1.6/gamedat.cc:1071:3: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(oname, "map");
data/exult-1.6/gamedat.cc:1139:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char iname[128];
data/exult-1.6/gamedat.cc:1153:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[0x50];
data/exult-1.6/gamemap.cc:69:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  using std::memcpy;
data/exult-1.6/gamemap.cc:109:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[ntiles * 3];
data/exult-1.6/gamemap.cc:167:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[16 * 16 * 3];
data/exult-1.6/gamemap.cc:174:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char v2buf[V2_CHUNK_HDR_SIZE]; // Check for V2.
data/exult-1.6/gamemap.cc:199:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[128];
data/exult-1.6/gamemap.cc:219:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[16 * 16 * 2];
data/exult-1.6/gamemap.cc:448:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char data[ntiles * 3];
data/exult-1.6/gamemap.cc:473:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; data/exult-1.6/gamemap.cc:513:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; // Set up name. data/exult-1.6/gamemap.cc:548:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; // Set up name. data/exult-1.6/gamemap.cc:724:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; // Set up name. data/exult-1.6/gamemap.cc:743:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; // Set up name. data/exult-1.6/gamemap.cc:788:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; // Set up name. data/exult-1.6/gamemap.cc:906:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char entbuf[20]; data/exult-1.6/gamemap.cc:1078:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char circles[9]; data/exult-1.6/gamemap.cc:1079:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&circles[0], &entry[4], 5); data/exult-1.6/gamemap.cc:1081:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&circles[5], &entry[10], 4); data/exult-1.6/gamemap.cc:1155:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char circles[9] = {0}; data/exult-1.6/gamemap.cc:1334:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[ntiles * 3]; // Set up buffer with shape #'s. data/exult-1.6/gamemap.cc:1488:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[80]; data/exult-1.6/gamemap.cc:1645:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/exult-1.6/gamemap.h:72:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *schunk_cache[144]; data/exult-1.6/gamemgr/bggame.cc:683:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, pp, len); data/exult-1.6/gamemgr/bggame.cc:1534:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fli_b[3]; data/exult-1.6/gamemgr/bggame.cc:1999:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npc_name[max_name_len + 1]; data/exult-1.6/gamemgr/bggame.cc:2000:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char disp_name[max_name_len + 2]; data/exult-1.6/gamemgr/modmgr.cc:297:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[50]; // Set up name. data/exult-1.6/gamemgr/modmgr.cc:671:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[50]; data/exult-1.6/gamemgr/modmgr.cc:686:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char staticpath[50]; data/exult-1.6/gamemgr/sigame.cc:466:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *all_we[2] = { get_text_msg(all_we0), get_text_msg(all_we0 + 1) }; data/exult-1.6/gamemgr/sigame.cc:491:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *and_a[2] = { get_text_msg(and_a0), get_text_msg(and_a0 + 1) }; data/exult-1.6/gamemgr/sigame.cc:1309:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char npc_name[max_len + 1]; data/exult-1.6/gamemgr/sigame.cc:1310:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char disp_name[max_len + 2]; data/exult-1.6/gamerend.cc:102:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[40]; // Show chunk #. data/exult-1.6/gamewin.cc:350:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(palette, cpal, 768); data/exult-1.6/gamewin.cc:577:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/exult-1.6/gamewin.cc:877:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/exult-1.6/gamewin.cc:950:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char msg[80]; data/exult-1.6/gamewin.cc:1016:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/exult-1.6/gamewin.cc:1047:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[50]; data/exult-1.6/gamewin.cc:1356:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gamedat_identity[256]; data/exult-1.6/gamewin.cc:2185:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char str[64]; data/exult-1.6/gamewin.cc:2200:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/exult-1.6/gamewin.cc:2210:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char str[20]; data/exult-1.6/gamewin.cc:2857:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128]; data/exult-1.6/gamewin.h:140:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *save_names[10]; // Names of saved games. data/exult-1.6/gumps/Actor_gump.cc:241:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/exult-1.6/gumps/GameplayOptions_gump.cc:60:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/exult-1.6/gumps/GameplayOptions_gump.cc:61:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%i fps", fr); data/exult-1.6/gumps/GameplayOptions_gump.cc:65:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char *pathfind_texts[3] = {"no", "single", "double"}; data/exult-1.6/gumps/Gump_manager.cc:660:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/exult-1.6/gumps/Newfile_gump.cc:45:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). using std::atoi; data/exult-1.6/gumps/Newfile_gump.cc:473:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[320]; data/exult-1.6/gumps/Newfile_gump.cc:512:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char info[64] = "File: "; data/exult-1.6/gumps/Newfile_gump.cc:635:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(newname, "Quick Save"); data/exult-1.6/gumps/Newfile_gump.cc:900:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[MAX_SAVEGAME_NAME_LEN]; data/exult-1.6/gumps/Newfile_gump.cc:983:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mask[256]; data/exult-1.6/gumps/Newfile_gump.cc:1080:8: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). num = atoi(filename + i + 1); data/exult-1.6/gumps/Newfile_gump.h:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char reserved1[48]; // 64 data/exult-1.6/gumps/Newfile_gump.h:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[18]; // 18 data/exult-1.6/gumps/Newfile_gump.h:139:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const char *months[12]; // Names of the months data/exult-1.6/gumps/Newfile_gump.h:168:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char newname[MAX_SAVEGAME_NAME_LEN]; // The new name for the game data/exult-1.6/gumps/Notebook_gump.cc:302:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[60]; data/exult-1.6/gumps/Paperdoll_gump.cc:491:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[20]; data/exult-1.6/gumps/Spellbook_gump.cc:453:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[8]; data/exult-1.6/gumps/Spellbook_gump.cc:458:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. std::strcpy(text, "remove"); data/exult-1.6/gumps/Spellbook_gump.cc:460:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant string. std::strcpy(text, "add"); data/exult-1.6/gumps/Spellbook_gump.cc:467:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. std::strcpy(text, "999"); data/exult-1.6/gumps/Stats_gump.cc:91:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/exult-1.6/gumps/VideoOptions_gump.cc:63:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/exult-1.6/gumps/VideoOptions_gump.cc:64:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%ix%i", w, h); data/exult-1.6/gumps/VideoOptions_gump.cc:261:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/exult-1.6/imagewin/ibuf8.cc:235:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(to, from, srcw); data/exult-1.6/imagewin/ibuf8.cc:257:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. std::memcpy(to, from, srcw); data/exult-1.6/imagewin/imagebuf.h:40:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char colors[256]; // For transforming 8-bit colors. data/exult-1.6/imagewin/imagewin.cc:1340:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char factor_str[16]; data/exult-1.6/imagewin/imagewin.cc:1360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char factor_str[16]; data/exult-1.6/imagewin/iwin8.h:39:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char colors[768]; // Palette. data/exult-1.6/keys.cc:39:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). using std::atoi; data/exult-1.6/keys.cc:573:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char returned_key[200]; data/exult-1.6/keys.cc:575:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(returned_key, "Error: No key assigned"); data/exult-1.6/keys.cc:585:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(returned_key, " or "); data/exult-1.6/keys.cc:590:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(returned_key, " - when pressed in game will create the last shape viewed in shapes.vga."); data/exult-1.6/keys.cc:730:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int p = atoi(t.c_str()); data/exult-1.6/keys.cc:748:11: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
int p = atoi(t.c_str()); data/exult-1.6/keys.cc:806:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[1024]; // 1024 should be long enough data/exult-1.6/mapedit/chunklst.cc:92:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength]; data/exult-1.6/mapedit/chunklst.cc:116:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; // Show new selection. data/exult-1.6/mapedit/chunklst.cc:185:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength]; data/exult-1.6/mapedit/chunklst.cc:259:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chunk, data, datalen); // Copy it in. data/exult-1.6/mapedit/chunklst.cc:768:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char v2buf[V2_CHUNK_HDR_SIZE]; // Check for V2 chunks. data/exult-1.6/mapedit/chunklst.cc:940:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; // Show new selection. data/exult-1.6/mapedit/chunklst.cc:960:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/chunklst.cc:1004:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/chunklst.cc:1030:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/chunklst.cc:1070:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(data, chunklist[tnum], chunksz); data/exult-1.6/mapedit/chunklst.cc:1115:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/combo.cc:785:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; // Show new selection. data/exult-1.6/mapedit/combo.cc:812:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; // Show new selection. data/exult-1.6/mapedit/compile.cc:129:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *argv[8]; // Set up args. data/exult-1.6/mapedit/contedit.cc:89:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/execbox.cc:104:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[1024]; data/exult-1.6/mapedit/locator.cc:373:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[50]; data/exult-1.6/mapedit/locator.cc:391:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[50]; data/exult-1.6/mapedit/maps.cc:72:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[50]; data/exult-1.6/mapedit/maps.cc:122:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char srcname[128], destname[128]; data/exult-1.6/mapedit/maps.cc:141:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[128], sname[128]; data/exult-1.6/mapedit/maps.cc:158:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char pname[128], sname[128]; data/exult-1.6/mapedit/maps.cc:167:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tname[128]; data/exult-1.6/mapedit/maps.cc:170:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(fname + strlen(fname), "%02x", schunk); data/exult-1.6/mapedit/maps.cc:172:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(tname + strlen(tname), "%02x", schunk); data/exult-1.6/mapedit/maps.cc:219:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[40]; data/exult-1.6/mapedit/maps.cc:220:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(name, "Map #%02x", num); data/exult-1.6/mapedit/npcedit.cc:98:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/npcedit.cc:210:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *sched_names[32] = { data/exult-1.6/mapedit/npcedit.cc:393:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pnum = atoi(name + 9); data/exult-1.6/mapedit/npcedit.cc:430:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). fnum = atoi(name + 9 + 3); data/exult-1.6/mapedit/npcedit.cc:444:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/npcedit.cc:791:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int num = atoi(numptr); data/exult-1.6/mapedit/npcedit.cc:828:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lname[20]; // Set up label name. 
data/exult-1.6/mapedit/npcedit.cc:829:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(lname, "npc_sched"); data/exult-1.6/mapedit/npclst.cc:495:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength], *ptr; data/exult-1.6/mapedit/npclst.cc:808:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/npclst.cc:977:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; data/exult-1.6/mapedit/paledit.cc:115:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; // Show new selection. data/exult-1.6/mapedit/paledit.cc:270:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[150]; // Show new selection. data/exult-1.6/mapedit/paledit.cc:934:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/exult-1.6/mapedit/shapefile.cc:127:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength]; data/exult-1.6/mapedit/shapefile.cc:238:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength]; data/exult-1.6/mapedit/shapefile.cc:276:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength]; data/exult-1.6/mapedit/shapegroup.cc:402:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). int row = atoi(str); data/exult-1.6/mapedit/shapelst.cc:152:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength]; data/exult-1.6/mapedit/shapelst.cc:727:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pal[3 * 256]; // Set up palette. data/exult-1.6/mapedit/shapelst.cc:782:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[250]; data/exult-1.6/mapedit/shapelst.cc:875:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char currdir[MAX_PATH]; data/exult-1.6/mapedit/shapelst.cc:1124:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[c_num_tile_bytes]; // Move tile to buffer. data/exult-1.6/mapedit/shapelst.cc:1128:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, src, c_tilesize); data/exult-1.6/mapedit/shapelst.cc:1151:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pal[3 * 256]; // Convert to 0-255 RGB's. data/exult-1.6/mapedit/shapelst.cc:1216:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pal[3 * 256]; // Get current palette. data/exult-1.6/mapedit/shapelst.cc:1287:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pal[3 * 256]; // Get current palette. data/exult-1.6/mapedit/shapelst.cc:2214:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/shapelst.cc:2448:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; data/exult-1.6/mapedit/shapetest.cc:82:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
names = new char *[num_names]; data/exult-1.6/mapedit/studio.cc:97:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *mode_names[5] = {"move1", "paint1", "paint_with_chunks1", data/exult-1.6/mapedit/studio.cc:590:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char path[256]; // Set up paths. data/exult-1.6/mapedit/studio.cc:597:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(path, "/exult_studio.glade"); data/exult-1.6/mapedit/studio.cc:1521:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1570:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1599:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1612:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1625:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1638:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1651:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1673:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:1774:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pixels[w * h]; // Create an 8x8 shape. data/exult-1.6/mapedit/studio.cc:1968:10: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(txt); data/exult-1.6/mapedit/studio.cc:2517:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/mapedit/studio.cc:2981:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char illegal[5]; data/exult-1.6/mapedit/tools/mockup/defs.h:1:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char chunk[2]; data/exult-1.6/mapedit/tools/mockup/defs.h:2:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char u7map[36864 * 2]; // 192*192 chunk, a chunk is 2 chars long data/exult-1.6/mapedit/tools/mockup/main.c:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cmd[256], buff[7]; data/exult-1.6/mapedit/tools/mockup/main.c:99:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen(argv[2], "ra"); data/exult-1.6/mapedit/tools/mockup/main.c:105:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buff, "%02x%02x%02x", red, green, blue); data/exult-1.6/mapedit/tools/mockup/main.c:146:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((f = fopen("u7map", "wb")) == NULL) { data/exult-1.6/mapedit/tools/smooth/config.c:36:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
if ((f = fopen(configfile, "ra")) == NULL) { data/exult-1.6/mapedit/tools/smooth/config.c:45:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[MAX_LINE_LENGTH]; data/exult-1.6/mapedit/tools/smooth/globals.h:50:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef char colour_hex[8]; data/exult-1.6/mapedit/tools/smooth/image.c:123:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(ret, "%02x%02x%02x", \ data/exult-1.6/mapedit/tools/smooth/param.c:52:34: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). printf("debug value: %d\n", atoi(argv[i + 1])); data/exult-1.6/mapedit/tools/smooth/param.c:53:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g_statics.debug = atoi(argv[i + 1]); data/exult-1.6/mapedit/tools/smooth/plugin.c:27:10: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static TCHAR lpMsgBuf[256]; data/exult-1.6/mapedit/tools/smooth/plugins/plugin_randomize.c:11:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char col[256][256][7]; data/exult-1.6/mapedit/tools/smooth/plugins/plugin_randomize.c:96:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plugin_apply(char colour[6]) { data/exult-1.6/mapedit/tools/smooth/plugins/plugin_randomize.c:96:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plugin_apply(char colour[6]) { data/exult-1.6/mapedit/tools/smooth/plugins/plugin_smooth.c:14:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char col[256][15][7]; // colour has 6 char + \0, 13 possible choice + trigger + slave and max of 256 colours that could be subject to transformation data/exult-1.6/mapedit/tools/smooth/plugins/plugin_smooth.c:154:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plugin_apply(char colour[6], glob_variables *g_var) { data/exult-1.6/mapedit/tools/smooth/plugins/plugin_smooth.c:154:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plugin_apply(char colour[6], glob_variables *g_var) { data/exult-1.6/mapedit/tools/smooth/plugins/plugin_stream.c:14:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char col[256][18][7]; data/exult-1.6/mapedit/tools/smooth/plugins/plugin_stream.c:154:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *plugin_apply(char colour[6], glob_variables *g_var) { data/exult-1.6/mapedit/tools/smooth/plugins/plugin_stream.c:154:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *plugin_apply(char colour[6], glob_variables *g_var) { data/exult-1.6/mapedit/u7shp.c:323:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rb"); data/exult-1.6/mapedit/u7shp.c:430:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rb"); data/exult-1.6/mapedit/u7shp.c:803:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(frame->pixels, out, frame->datalen); data/exult-1.6/mapedit/u7shp.c:809:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "wb"); data/exult-1.6/mapedit/ucbrowse.cc:360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char num[20]; data/exult-1.6/mapedit/ucbrowse.cc:361:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(num, "%05xH", sym->get_val()); data/exult-1.6/mapedit/uniquepal.c:29:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pal[768]; data/exult-1.6/mapedit/uniquepal.c:61:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[1], "r"); data/exult-1.6/mapedit/uniquepal.c:138:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(argv[2], "w"); data/exult-1.6/monsters.cc:239:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char monster_mode_odds[5][4] = { data/exult-1.6/msvc9/exconfig/exconfig.cpp:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/exult-1.6/msvc9/exconfig/exconfig.cpp:99:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void GetString(char p[MAX_STRLEN]); data/exult-1.6/msvc9/exconfig/exconfig.cpp:194:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void Path::GetString(char p[MAX_STRLEN]) { data/exult-1.6/msvc9/exconfig/exconfig.cpp:218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p[MAX_STRLEN]; data/exult-1.6/msvc9/exconfig/exconfig.cpp:337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p[MAX_STRLEN]; data/exult-1.6/msvc9/msvc_kludges.h:113:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). using ::fopen; data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:73:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[256]; data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:99:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void GetString(char p[MAX_STRLEN]); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:194:22: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void Path::GetString(char p[MAX_STRLEN]) { data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:218:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p[MAX_STRLEN]; data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:337:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char p[MAX_STRLEN]; data/exult-1.6/msvcstuff/msvc_kludges.h:122:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). using ::fopen; data/exult-1.6/objs/barge.cc:873:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[20]; // 13-byte entry + length-byte. data/exult-1.6/objs/chunkter.cc:164:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(reinterpret_cast<char *>(undo_shapes), data/exult-1.6/objs/chunkter.cc:196:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(reinterpret_cast<char *>(&shapes[0]), data/exult-1.6/objs/contain.cc:621:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[20]; // 12-byte entry. data/exult-1.6/objs/egg.cc:1166:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[30]; // 12-14 byte entry. data/exult-1.6/objs/iregobjs.cc:160:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[20]; // 10-byte entry; data/exult-1.6/objs/objnames.cc:107:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/exult-1.6/objs/objnames.cc:216:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/exult-1.6/objs/objs.cc:1754:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[5]; data/exult-1.6/objs/objs.h:86:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char rotate[8]; // For getting rotated frame #. data/exult-1.6/objs/spellbook.cc:44:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. using std::memcpy; data/exult-1.6/objs/spellbook.cc:312:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[24]; // 18-byte entry. data/exult-1.6/objs/spellbook.cc:314:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &circles[0], 5); // Store the way U7 does it. 
data/exult-1.6/objs/spellbook.cc:317:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ptr, &circles[5], 4); // Rest of spell circles. data/exult-1.6/objs/spellbook.h:39:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char circles[9]; // Spell-present flags for each circle. data/exult-1.6/objs/virstone.cc:61:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[20]; // 12-byte entry. data/exult-1.6/opengl/model.h:82:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char def_color[3]; data/exult-1.6/opengl/model3ds.cc:70:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char v[2]; data/exult-1.6/opengl/model3ds.cc:75:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char v[4]; data/exult-1.6/opengl/model3ds.cc:86:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char v[4]; data/exult-1.6/opengl/model3ds.cc:102:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char header[6]; data/exult-1.6/opengl/model3ds.cc:245:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char c[3]; data/exult-1.6/palette.cc:36:12: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. using std::memcpy; data/exult-1.6/palette.cc:63:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pal1, pal->pal1, 768); data/exult-1.6/palette.cc:64:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pal2, pal->pal2, 768); data/exult-1.6/palette.cc:140:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char palnew[768], data/exult-1.6/palette.cc:146:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pal1, palnew, 768); data/exult-1.6/palette.cc:223:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pal1, buf, 768); data/exult-1.6/palette.cc:366:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fade_pal[768]; data/exult-1.6/palette.cc:426:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char fade_pal[768]; data/exult-1.6/palette.cc:496:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char palnew[768]; data/exult-1.6/palette.cc:506:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(palnew, palold, 768); data/exult-1.6/palette.cc:549:36: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
void Palette::set_palette(unsigned char palnew[768]) { data/exult-1.6/palette.cc:550:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pal1, palnew, 768); data/exult-1.6/palette.h:48:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pal1[768]; data/exult-1.6/palette.h:49:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char pal2[768]; data/exult-1.6/palette.h:59:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char border[3]; data/exult-1.6/palette.h:74:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. void set(unsigned char palnew[768], int new_brightness = -1, data/exult-1.6/palette.h:117:28: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
void set_palette(unsigned char palnew[768]); data/exult-1.6/pathfinder/path.cc:266:24: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). vector<Search_node *> open; // Nodes to be done, by priority. Each data/exult-1.6/pathfinder/path.cc:278:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). A_star_queue() : open(256), lookup(1000) data/exult-1.6/pathfinder/path.cc:280:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). A_star_queue() : open(256), lookup() data/exult-1.6/pathfinder/path.cc:283:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open.insert(open.begin(), 256, static_cast<Search_node *>(0)); data/exult-1.6/pathfinder/path.cc:283:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
open.insert(open.begin(), 256, static_cast<Search_node *>(0)); data/exult-1.6/pathfinder/path.cc:284:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). best = open.size(); // Best is past end. data/exult-1.6/pathfinder/path.cc:304:31: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (pri >= static_cast<int>(open.size())) data/exult-1.6/pathfinder/path.cc:305:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open.resize(pri + 2); data/exult-1.6/pathfinder/path.cc:306:3: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[pri] = nd; data/exult-1.6/pathfinder/path.cc:310:53: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Search_node *last = total_cost < static_cast<int>(open.size()) ? 
data/exult-1.6/pathfinder/path.cc:311:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[total_cost] : 0; data/exult-1.6/pathfinder/path.cc:326:53: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Search_node *last = total_cost < static_cast<int>(open.size()) ? data/exult-1.6/pathfinder/path.cc:327:23: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). open[total_cost] : 0; data/exult-1.6/pathfinder/path.cc:335:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int cnt = open.size(); data/exult-1.6/pathfinder/path.cc:337:10: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (open[best] != 0) data/exult-1.6/pathfinder/path.cc:343:47: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Search_node *last = best < static_cast<int>(open.size()) ? 
open[best] : 0; data/exult-1.6/pathfinder/path.cc:343:62: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). Search_node *last = best < static_cast<int>(open.size()) ? open[best] : 0; data/exult-1.6/pathfinder/path.cc:351:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int cnt = open.size(); data/exult-1.6/pathfinder/path.cc:353:9: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (open[best] != 0) data/exult-1.6/readnpcs.cc:216:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ent[10]; data/exult-1.6/readnpcs.cc:332:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char ent[20]; data/exult-1.6/schedule.cc:490:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
signed char frames[2]; data/exult-1.6/schedule.cc:931:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[8]; // Frames. data/exult-1.6/schedule.cc:934:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char choices[3] = {0, 8, 9}; data/exult-1.6/schedule.cc:1309:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[14]; // Get frames to show. data/exult-1.6/schedule.cc:1666:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[3]; data/exult-1.6/schedule.cc:1690:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[12]; data/exult-1.6/schedule.cc:1915:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
signed char frames[20]; // Use tool. data/exult-1.6/schedule.cc:2004:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[20]; // Use pick. data/exult-1.6/schedule.cc:2503:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[2]; data/exult-1.6/schedule.cc:2783:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[5]; data/exult-1.6/schedule.cc:2835:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[3]; data/exult-1.6/schedule.cc:3116:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[2]; data/exult-1.6/schedule.cc:4069:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
signed char frames[5]; data/exult-1.6/schedule.cc:4400:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char fr[2]; data/exult-1.6/schedule.cc:4906:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. signed char frames[12]; data/exult-1.6/server/objserial.cc:45:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(buf, str, len); // Then the bytes. data/exult-1.6/server/objserial.cc:222:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[Exult_server::maxlength]; data/exult-1.6/server/objserial.cc:268:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[Exult_server::maxlength]; data/exult-1.6/server/objserial.cc:315:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static unsigned char buf[Exult_server::maxlength]; data/exult-1.6/server/objserial.cc:368:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[Exult_server::maxlength]; data/exult-1.6/server/objserial.cc:435:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[Exult_server::maxlength]; data/exult-1.6/server/objserial.cc:517:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[Exult_server::maxlength]; data/exult-1.6/server/servemsg.cc:59:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[maxlength + hdrlength]; data/exult-1.6/server/servemsg.cc:66:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(&buf[5], data, datalen); // The data itself. data/exult-1.6/server/servemsg.cc:89:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buf[hdrlength]; data/exult-1.6/server/server.cc:205:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/server/server.cc:324:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char *msgs[3] = {"Terrain-Editing Aborted", data/exult-1.6/server/server.cc:380:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/server/server.cc:467:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/exult-1.6/server/server.cc:471:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Map #%02x", num); data/exult-1.6/server/servewin32.cc:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[MAX_PATH]; data/exult-1.6/shapeid.cc:283:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char hard_blends[4 * 17] = { data/exult-1.6/shapeid.cc:329:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(xforms[nxforms - 1 - i].colors, data, data/exult-1.6/shapeid.h:67:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char special_pixels[NPIXCOLORS]; // Special colors. data/exult-1.6/shapes/data_utils.h:524:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/exult-1.6/shapes/data_utils.h:883:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/exult-1.6/shapes/miscinf.cc:361:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/exult-1.6/shapes/miscinf.cc:433:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sections[size] = { data/exult-1.6/shapes/miscinf.cc:466:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *sections[size] = { data/exult-1.6/shapes/pngio.cc:64:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE *fp = fopen(pngname, "rb"); data/exult-1.6/shapes/pngio.cc:67:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char sigbuf[8]; // Make sure it's a .png. data/exult-1.6/shapes/pngio.cc:189:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
  FILE *fp = fopen(pngname, "wb");
data/exult-1.6/shapes/pngio.cc:273:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(pngname, "rb");
data/exult-1.6/shapes/pngio.cc:276:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char sigbuf[8]; // Make sure it's a .png.
data/exult-1.6/shapes/pngio.cc:360:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(pngname, "wb");
data/exult-1.6/shapes/shapeinf.cc:148:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(weapon_offsets, inf2.weapon_offsets, 64);
data/exult-1.6/shapes/shapeinf.h:156:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tfa[3]; // From "tfa.dat".+++++Keep for
data/exult-1.6/shapes/shapeinf.h:159:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char dims[3]; // (x, y, z)
data/exult-1.6/shapes/shapeinf.h:161:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char shpdims[2]; // From "shpdims.dat".
data/exult-1.6/shapes/shapevga.cc:474:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[512];
data/exult-1.6/shapes/shapevga.cc:525:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char occbits[c_occsize]; // c_max_shapes bit flags.
data/exult-1.6/shapes/shapewrite.cc:285:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char occbits[c_occsize]; // c_max_shapes bit flags.
data/exult-1.6/shapes/vgafile.cc:49:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  using std::memcpy;
data/exult-1.6/shapes/vgafile.cc:259:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, pixels, len);
data/exult-1.6/shapes/vgafile.cc:285:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(out, pixels, c);
data/exult-1.6/shapes/vgafile.cc:300:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, buf, datalen);
data/exult-1.6/shapes/vgafile.cc:324:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, pixels, c_num_tile_bytes);
data/exult-1.6/tools/expack.cc:40:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  using std::atoi;
data/exult-1.6/tools/expack.cc:297:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  U7object f(fname, atoi(argv[3]));
data/exult-1.6/tools/expack.cc:307:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[32];
data/exult-1.6/tools/expack.cc:316:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outfile[32];
data/exult-1.6/tools/gnome_shp_thumbnailer.cc:60:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char shppal[768] = {
data/exult-1.6/tools/gnome_shp_thumbnailer.cc:271:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int size = atoi(argv[2]);
data/exult-1.6/tools/ipack.cc:237:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/exult-1.6/tools/ipack.cc:311:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[300], dir[300];
data/exult-1.6/tools/ipack.cc:414:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(txtpal, ".txt");
data/exult-1.6/tools/ipack.cc:539:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char palbuf[3 * 256]; // We always write 256 colors.
data/exult-1.6/tools/rip.cc:19:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[10];
data/exult-1.6/tools/rip.cc:20:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[18];
data/exult-1.6/tools/rip.cc:23:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fi = fopen("index", "r"), *fi2, *fo = fopen("usecode", "wb");
data/exult-1.6/tools/rip.cc:23:46: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fi = fopen("index", "r"), *fi2, *fo = fopen("usecode", "wb");
data/exult-1.6/tools/rip.cc:39:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  Risk is low because the source is a constant string.
  strcat(filename, ".uco");
data/exult-1.6/tools/rip.cc:43:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fi2 = fopen(filename, "rb")) == NULL) {
data/exult-1.6/tools/rip.cc:66:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[10];
data/exult-1.6/tools/rip.cc:67:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[18];
data/exult-1.6/tools/rip.cc:92:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fi = fopen("usecode", "rb+")) == NULL) {
data/exult-1.6/tools/rip.cc:96:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fo2 = fopen("index", "w")) == NULL) {
data/exult-1.6/tools/rip.cc:116:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%04X", fn);
data/exult-1.6/tools/rip.cc:118:4: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(filename, ".uco");
data/exult-1.6/tools/rip.cc:124:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fo = fopen(filename, "wb")) == NULL) {
data/exult-1.6/tools/rip.cc:146:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fo = fopen(filename, "rb")) == NULL) {
data/exult-1.6/tools/shp2pcx.cc:57:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  using std::memcpy;
data/exult-1.6/tools/shp2pcx.cc:147:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "rb");
data/exult-1.6/tools/shp2pcx.cc:283:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(frame->pixels + dsty * width + dstx, pixptr + srcy * frame->width + srcx, frame->width);
data/exult-1.6/tools/shp2pcx.cc:297:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(filename, "rb");
data/exult-1.6/tools/shp2pcx.cc:373:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *fp = fopen(filename, "wb");
data/exult-1.6/tools/shp2pcx.cc:413:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *outprefix, outfilename[255];
data/exult-1.6/tools/splitshp.cc:39:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  using std::memcpy;
data/exult-1.6/tools/splitshp.cc:109:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(fn, shapefilename, dotpos);
data/exult-1.6/tools/splitshp.cc:110:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn + dotpos, "_%03i", frame);
data/exult-1.6/tools/splitshp.cc:127:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  shpfile = fopen(filename, "rb");
data/exult-1.6/tools/splitshp.cc:146:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  framefile = fopen(framename, "wb");
data/exult-1.6/tools/splitshp.cc:163:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  framefile = fopen(framename, "wb");
data/exult-1.6/tools/splitshp.cc:204:12: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  shpfile = fopen(shapefile, "wb");
data/exult-1.6/tools/splitshp.cc:209:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  framefile = fopen(framefiles[i], "rb");
data/exult-1.6/tools/splitshp.cc:281:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *framefiles[255];
data/exult-1.6/tools/u7voice2syx.cc:42:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sysex_buffer[8 + 256 + 2];
data/exult-1.6/tools/u7voice2syx.cc:134:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reserveSettings[9]; // PARTIAL RESERVE (PART 1) 0-32
data/exult-1.6/tools/u7voice2syx.cc:135:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chanAssign[9]; // MIDI CHANNEL (PART1) 0-16 (1-16,OFF)
data/exult-1.6/tools/u7voice2syx.cc:213:17: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  if (data) std::memcpy(sysex_buffer + sysex_data_start, data, len);
data/exult-1.6/tools/u7voice2syx.cc:235:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[11];
data/exult-1.6/tools/u7voice2syx.cc:326:10: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  std::memcpy(name, sysex_buffer + 8, 10);
data/exult-1.6/tools/wuc.cc:30:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char token[TOKEN_LENGTH], *token2, curlabel[256], indata;
data/exult-1.6/tools/wuc.cc:35:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char labels[MAX_LABELS][10];
data/exult-1.6/tools/wuc.cc:193:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fi = fopen(argv[findex], "r")) == NULL) {
data/exult-1.6/tools/wuc.cc:197:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if ((fo = fopen(argv[findex + 1], "wb")) == NULL) {
data/exult-1.6/tools/wuc.cc:424:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(token, "%04X:", word + 1);
data/exult-1.6/tools/wuc.cc:456:10: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(token, "%04X:", word + 1);
data/exult-1.6/txtscroll.cc:44:12: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  using std::atoi;
data/exult-1.6/txtscroll.cc:163:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numerical[4] = {0, 0, 0, 0};
data/exult-1.6/txtscroll.cc:167:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  *txtptr++ = atoi(numerical);
data/exult-1.6/usecode/compiler/ucclass.cc:184:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:75:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/exult-1.6/usecode/compiler/ucexpr.cc:76:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "_tmpval_%d", cnt++);
data/exult-1.6/usecode/compiler/ucexpr.cc:107:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:121:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:137:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[180];
data/exult-1.6/usecode/compiler/ucexpr.cc:478:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:481:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Invalid fun. ID (%d): can't call negative function", value);
data/exult-1.6/usecode/compiler/ucexpr.cc:707:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:714:4: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "Shape # is equal to fun. ID only for shapes < 0x400; use UI_get_usecode_fun instead");
data/exult-1.6/usecode/compiler/ucexpr.cc:743:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:756:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[180];
data/exult-1.6/usecode/compiler/ucexpr.cc:759:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucexpr.cc:772:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,
data/exult-1.6/usecode/compiler/ucexpr.cc:806:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:818:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:836:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[150];
data/exult-1.6/usecode/compiler/ucexpr.cc:853:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[180];
data/exult-1.6/usecode/compiler/ucexpr.cc:859:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[180];
data/exult-1.6/usecode/compiler/ucfun.cc:45:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  using std::memcpy;
data/exult-1.6/usecode/compiler/ucfun.cc:77:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/exult-1.6/usecode/compiler/ucfun.cc:395:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_text_data, text_data, text_data_size);
data/exult-1.6/usecode/compiler/ucfun.cc:397:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_text_data + text_data_size, text, textlen);
data/exult-1.6/usecode/compiler/ucmain.cc:64:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char outbuf[256];
data/exult-1.6/usecode/compiler/ucmain.cc:87:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  yyin = fopen(argv[optind], "r");
data/exult-1.6/usecode/compiler/ucmain.cc:95:4: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(dot, ".uco");
data/exult-1.6/usecode/compiler/ucmain.cc:101:14: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  outname = strcpy(outbuf, "a.ucout");
data/exult-1.6/usecode/compiler/ucstmt.cc:210:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/exult-1.6/usecode/compiler/ucstmt.cc:211:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "_tmperror_%d", cnt++);
data/exult-1.6/usecode/compiler/ucstmt.cc:435:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/exult-1.6/usecode/compiler/ucstmt.cc:608:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255];
data/exult-1.6/usecode/compiler/ucstmt.cc:718:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255];
data/exult-1.6/usecode/compiler/ucstmt.cc:871:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[255];
data/exult-1.6/usecode/compiler/ucsym.cc:131:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char buf[180]; data/exult-1.6/usecode/compiler/ucsym.cc:134:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Shape # is equal to fun. ID only for shapes < 0x400; use UI_get_usecode_fun instead"); data/exult-1.6/usecode/compiler/ucsym.cc:147:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "Return of intrinsics are generally not fun. IDs"); data/exult-1.6/usecode/compiler/ucsym.cc:221:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[180]; data/exult-1.6/usecode/compiler/ucsym.cc:251:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/exult-1.6/usecode/compiler/ucsym.cc:409:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[180]; data/exult-1.6/usecode/compiler/ucsym.cc:410:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "Shape number cannot be negative"); data/exult-1.6/usecode/compiler/ucsym.cc:415:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[180]; data/exult-1.6/usecode/compiler/ucsym.cc:422:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[180]; data/exult-1.6/usecode/compiler/ucsym.cc:466:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/exult-1.6/usecode/compiler/ucsym.cc:481:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/exult-1.6/usecode/compiler/ucsym.cc:488:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/exult-1.6/usecode/compiler/ucsym.cc:513:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/exult-1.6/usecode/compiler/ucsym.cc:546:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[200]; data/exult-1.6/usecode/compiler/ucsym.cc:616:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[50]; data/exult-1.6/usecode/compiler/ucsym.cc:617:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "_tmpretval_%d", cnt++); data/exult-1.6/usecode/compiler/ucsym.cc:674:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[150]; data/exult-1.6/usecode/compiler/ucsym.cc:725:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[180]; data/exult-1.6/usecode/conversation.cc:459:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[256]; data/exult-1.6/usecode/conversation.cc:490:15: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. result = new char *[answers.size()]; data/exult-1.6/usecode/debugserver.cc:50:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char data[Exult_server::maxlength]; data/exult-1.6/usecode/debugserver.cc:98:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char d[3]; data/exult-1.6/usecode/debugserver.cc:186:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char d[13]; data/exult-1.6/usecode/ucdebugging.cc:55:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char d[13]; data/exult-1.6/usecode/ucinternal.cc:1548:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char *name, data/exult-1.6/usecode/ucinternal.cc:1583:82: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Usecode_value Usecode_internal::Execute_Intrinsic(UsecodeIntrinsicFn func, const char *name, int intrinsic, int num_parms, Usecode_value parms[12]) { data/exult-1.6/usecode/ucinternal.cc:2544:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/exult-1.6/usecode/ucinternal.h:185:67: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. Usecode_value Execute_Intrinsic(UsecodeIntrinsicFn func, const char *name, int intrinsic, int num_parms, Usecode_value parms[12]); data/exult-1.6/usecode/ucmachine.h:48:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char gflags[c_last_gflag + 1]; // Global flags. 
data/exult-1.6/usecode/ucserial.cc:68:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char buf[Exult_server::maxlength]; data/exult-1.6/usecode/ucsymtbl.cc:52:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char nm[256]; data/exult-1.6/usecode/ucxt/head2data.cc:47:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). o.open(fname.c_str()); data/exult-1.6/usecode/ucxt/head2data.cc:69:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). o.open(fname.c_str()); data/exult-1.6/usecode/ucxt/head2data.cc:92:4: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). o.open(fname.c_str()); data/exult-1.6/usecode/useval.h:145:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
return str ? std::atoi(str) data/exult-1.6/win32/exconfig.cc:99:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/exult-1.6/windrag.h:32:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(data, o.data, size); data/exult-1.6/windrag.h:40:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(data, d, size); data/exult-1.6/windrag.h:51:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(buf, data, size); data/exult-1.6/windrag.h:59:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(data, buf, size); data/exult-1.6/windrag.h:69:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(data, o.data, size); data/exult-1.6/windrag.h:78:8: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. std::memcpy(data, d, size); data/exult-1.6/actorio.cc:52:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Actor::read( data/exult-1.6/actorio.cc:202:48: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
if ((intel_val >> 5) & 1) set_flag(Obj_flags::read); data/exult-1.6/actorio.cc:367:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nfile->read(nm, funsize); data/exult-1.6/actorio.cc:407:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nfile->read(namebuf, 16); data/exult-1.6/actorio.cc:594:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (get_flag(Obj_flags::read)) iout |= 1 << 5; data/exult-1.6/actorio.cc:676:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(nm, usecode_name.c_str(), size); data/exult-1.6/actorio.cc:698:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(namebuf, namestr.c_str(), 16); data/exult-1.6/actorio.cc:700:8: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(namebuf, name.c_str(), 16); data/exult-1.6/actors.cc:3054:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). ptr += strlen(att) + 1; data/exult-1.6/actors.h:644:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(IDataSource *nfile, int num, bool has_usecode, data/exult-1.6/audio/OggAudioSample.cc:67:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ids->read(ptr,size*nmemb); data/exult-1.6/audio/VocAudioSample.cc:345:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ds->read(buffer,19); data/exult-1.6/audio/WavAudioSample.cc:42:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds.read(buf,4); data/exult-1.6/audio/WavAudioSample.cc:48:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds.read(buf,4); data/exult-1.6/audio/WavAudioSample.cc:53:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds.read(buf,4); data/exult-1.6/audio/WavAudioSample.cc:118:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds->read(buf,4); data/exult-1.6/audio/WavAudioSample.cc:125:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds->read(buf,4); data/exult-1.6/audio/WavAudioSample.cc:136:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds->read(buf,4); data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:823:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read[128]; data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:824:14: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). std::memset(read, false, sizeof(read)); data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:824:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). std::memset(read, false, sizeof(read)); data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:884:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds->read(&xmidi_ins, 11); data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:954:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void read(IDataSource *ds) { data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:992:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds->read(reinterpret_cast<char *>(reserved), 7); data/exult-1.6/audio/midi_drivers/FMOplMidiDriver.cpp:1007:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). u7voice_ins.read(ds); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1816:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds->read(name,10); data/exult-1.6/audio/midi_drivers/LowLevelMidiDriver.cpp:1849:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds->read(mt32_timbre_banks[bank][patch]->timbre,246); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1074:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (reinterpret_cast<char *>(current->ex.sysex_data.buffer), current->ex.sysex_data.len); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1109:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). else if (source) source->read(sysex_buffer+sysex_data_start,len); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1232:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1239:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1304:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1404:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1415:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1437:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1473:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1486:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1576:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/XMidiFile.cpp:1590:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). source->read (buf, 4); data/exult-1.6/audio/midi_drivers/mt32emu/FileStream.cpp:62:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ifsp.read(reinterpret_cast<char *>(fileData), std::streamsize(size)); data/exult-1.6/audio/midi_drivers/mt32emu/MemoryRegion.h:93:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(unsigned int entry, unsigned int off, Bit8u *dst, unsigned int len) const; data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:1253:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
region->read(first, off, data, len); data/exult-1.6/audio/midi_drivers/mt32emu/Synth.cpp:2049:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void MemoryRegion::read(unsigned int entry, unsigned int off, Bit8u *dst, unsigned int len) const { data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:130:4: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(def_instr_name, w[1], 255); data/exult-1.6/audio/midi_drivers/timidity/timidity.cpp:213:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy((bank->tone[i].name=safe_Malloc<char>(strlen(w[1])+1)),w[1]); data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:84:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). l=strlen(name); data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:87:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). el=strlen(*dec); data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:140:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(current_filename, name, 1023); data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:164:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
l=static_cast<int>(strlen(plp->path)); data/exult-1.6/audio/midi_drivers/timidity/timidity_common.cpp:250:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *path=safe_Malloc<char>(strlen(s)+1); data/exult-1.6/audio/midi_drivers/timidity/timidity_controls.h:86:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int (*read)(sint32 *valp); data/exult-1.6/audio/midi_drivers/timidity/timidity_instrum.cpp:208:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name)+strlen(patch_ext[i])<1024) data/exult-1.6/audio/midi_drivers/timidity/timidity_instrum.cpp:208:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(name)+strlen(patch_ext[i])<1024) data/exult-1.6/audio/midi_drivers/timidity/timidity_playmidi.cpp:645:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). switch(rc=ctl->read(&val)) data/exult-1.6/cheat_screen.cc:223:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (input && std::strlen(input)) { data/exult-1.6/cheat_screen.cc:225:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
font->paint_text_fixedwidth(ibuf, "_", 64 + std::strlen(input) * 8, maxy - 18, 8); data/exult-1.6/cheat_screen.cc:427:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:433:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:440:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:447:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:461:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:478:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:484:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:491:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int curlen = std::strlen(input); data/exult-1.6/cheat_screen.cc:1305:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!std::strlen(input)) mode = CP_Canceled; data/exult-1.6/cheat_screen.cc:1543:66: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). snprintf(buf, 512, "[4] Read...%c", actor->get_flag(Obj_flags::read) ? 'Y' : 'N'); data/exult-1.6/cheat_screen.cc:1707:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (actor->get_flag(Obj_flags::read)) data/exult-1.6/cheat_screen.cc:1708:33: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). actor->clear_flag(Obj_flags::read); data/exult-1.6/cheat_screen.cc:1710:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). actor->set_flag(Obj_flags::read); data/exult-1.6/effects.cc:51:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/effects.cc:1106:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(ptr); data/exult-1.6/exult.cc:455:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(CmdLine); data/exult-1.6/exult.cc:1059:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
gwin->read(); // Restart data/exult-1.6/exult.cc:2241:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string. strncpy(text, "Gamma Changed", 256); data/exult-1.6/files/Flat.cc:50:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data->read(buffer, len); data/exult-1.6/files/Flex.cc:38:12: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). using std::strncpy; data/exult-1.6/files/Flex.cc:49:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data->read(title, sizeof(title)); data/exult-1.6/files/Flex.cc:99:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data->read(buffer, len); data/exult-1.6/files/Flex.cc:140:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(titlebuf, title, sizeof(titlebuf) - 1); data/exult-1.6/files/IFF.cc:80:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data->read(type, 4); data/exult-1.6/files/IFF.cc:115:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data->read(buffer, len); data/exult-1.6/files/IFF.cc:129:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in->read(ckid, 4); data/exult-1.6/files/Table.cc:88:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). data->read(buffer, len); data/exult-1.6/files/databuf.h:45:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
virtual void read(void *, size_t) = 0; data/exult-1.6/files/databuf.h:46:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read(std::string&, size_t) = 0; data/exult-1.6/files/databuf.h:104:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(void *b, size_t len) { data/exult-1.6/files/databuf.h:105:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in->read(static_cast<char *>(b), len); data/exult-1.6/files/databuf.h:108:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read(std::string& s, size_t len) { data/exult-1.6/files/databuf.h:110:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in->read(&s[0], len); data/exult-1.6/files/databuf.h:211:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(void *b, size_t len) { data/exult-1.6/files/databuf.h:216:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read(std::string& s, size_t len) { data/exult-1.6/files/listfiles.cc:58:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nLen = strlen(name) + 1; data/exult-1.6/files/listfiles.cc:71:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
  for (i = strlen(stripped_path) - 1; i; i--)
data/exult-1.6/files/listfiles.cc:86:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLen = std::strlen(stripped_path);
data/exult-1.6/files/listfiles.cc:87:12: [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLen2 = _tcslen(fileinfo.cFileName) + 1;
data/exult-1.6/files/listfiles.cc:119:11: [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  nLen2 = _tcslen(lpMsgBuf) + 1;
data/exult-1.6/files/snprintf.cc:568:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t n = !q ? strlen(p) : (q - p);
data/exult-1.6/files/snprintf.cc:743:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (!precision_specified) str_arg_l = strlen(str_arg);
data/exult-1.6/files/utils.cc:406:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nLen = std::strlen(n) + 1;
data/exult-1.6/files/utils.cc:493:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int nLen = std::strlen(n) + 1;
data/exult-1.6/files/utils.cc:711:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  std::strncpy(dpath, runpath, plen + 1);
data/exult-1.6/files/utils.cc:810:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(buf, toread);
data/exult-1.6/files/utils.cc:874:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ret = new char[std::strlen(s) + 1];
data/exult-1.6/files/utils.cc:898:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(to);
data/exult-1.6/files/zip/unzip.cc:680:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(szFileName) >= UNZ_MAXFILENAMEINZIP)
data/exult-1.6/files/zip/zip.cc:335:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_comment = strlen(comment);
data/exult-1.6/files/zip/zip.cc:337:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_filename = strlen(filename);
data/exult-1.6/files/zip/zip.cc:607:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_global_comment = strlen(global_comment);
data/exult-1.6/flic/playfli.cc:158:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fli_data->read(reinterpret_cast<char *>(&colors[current * 3]), change * 3);
data/exult-1.6/flic/playfli.cc:193:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fli_data->read(pixbuf, size_count);
data/exult-1.6/flic/playfli.cc:219:18: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  fli_data->read(&pixbuf[pixpos],
data/exult-1.6/gamedat.cc:78:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/gamedat.cc:79:12: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  using std::strncpy;
data/exult-1.6/gamedat.cc:107:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int baselen = strlen(basepath);
data/exult-1.6/gamedat.cc:116:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(&fname[baselen], 13);
data/exult-1.6/gamedat.cc:117:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(fname);
data/exult-1.6/gamedat.cc:123:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(buf, len);
data/exult-1.6/gamedat.cc:313:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(namebuf, base, sizeof(namebuf));
data/exult-1.6/gamedat.cc:316:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(buf, len);
data/exult-1.6/gamedat.cc:339:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(namebuf, base, sizeof(namebuf));
data/exult-1.6/gamedat.cc:342:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  source.read(buf, len);
data/exult-1.6/gamedat.cc:425:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(dname);
data/exult-1.6/gamedat.cc:472:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(buf, sizeof(buf) - 1);
data/exult-1.6/gamedat.cc:546:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(name, namestr.c_str(), 18);
data/exult-1.6/gamedat.cc:628:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in->read(party[i].name, 18);
data/exult-1.6/gamedat.cc:671:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(buf, sizeof(buf) - 1);
data/exult-1.6/gamedat.cc:672:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = new char [strlen(buf) + 1];
data/exult-1.6/gamedat.cc:699:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(&fname[sizeof(GAMEDAT) - 1], 13);
data/exult-1.6/gamedat.cc:700:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(fname);
data/exult-1.6/gamedat.cc:707:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(buf, len);
data/exult-1.6/gamedat.cc:776:58: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  if (unzGetGlobalComment(unzipfile, namebuf, 0x50) <= 0) strncpy(namebuf, "UNNAMED", 0x50);
data/exult-1.6/gamedat.cc:777:19: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name = new char [strlen(namebuf) + 1];
data/exult-1.6/gamedat.cc:861:18: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(oname);
data/exult-1.6/gamedat.cc:986:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(oname);
data/exult-1.6/gamedat.cc:990:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (size_t i = 0; i < strlen(oname2); i++) {
data/exult-1.6/gamedat.cc:1052:5: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ds.read(buf, size);
data/exult-1.6/gamedat.cc:1101:2: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(buf, fname2 ? fname2 : fname, 13);
data/exult-1.6/gamedat.cc:1114:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ds.read(buf, size);
data/exult-1.6/gamedat.cc:1155:8: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  std::strncpy(title, savename, 0x50);
data/exult-1.6/gamemap.cc:74:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/gamemap.cc:112:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  chunks->read(reinterpret_cast<char *>(buf), ntiles * 3);
data/exult-1.6/gamemap.cc:115:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  chunks->read(reinterpret_cast<char *>(buf), ntiles * 2);
data/exult-1.6/gamemap.cc:175:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  chunks->read(v2buf, sizeof(v2buf));
data/exult-1.6/gamemap.cc:223:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  u7map.read(reinterpret_cast<char *>(buf), sizeof(buf));
data/exult-1.6/gamemap.cc:405:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(fname);
data/exult-1.6/gamemap.cc:596:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ifix->read(reinterpret_cast<char *>(entries), len);
data/exult-1.6/gamemap.cc:653:10: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len += strlen(att) + 1 + 2; // Name, NULL, val.
data/exult-1.6/gamemap.cc:661:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  ireg->write(att, strlen(att) + 1);
data/exult-1.6/gamemap.cc:702:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = 1 + strlen(str);
data/exult-1.6/gamemap.cc:838:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ireg->read(reinterpret_cast<char *>(buf), len);
data/exult-1.6/gamemap.cc:946:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  ireg->read(reinterpret_cast<char *>(entry), entlen);
data/exult-1.6/gamemgr/bggame.cc:62:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/gamemgr/bggame.cc:2086:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(npc_name);
data/exult-1.6/gamemgr/bggame.cc:2136:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (selected == 0 && strlen(npc_name) > 0)
data/exult-1.6/gamemgr/bggame.cc:2137:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npc_name[strlen(npc_name) - 1] = 0;
data/exult-1.6/gamemgr/bggame.cc:2146:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(npc_name);
data/exult-1.6/gamemgr/modmgr.cc:298:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(fname, 13);
data/exult-1.6/gamemgr/modmgr.cc:301:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(game_identity, len);
data/exult-1.6/gamemgr/sigame.cc:49:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/gamemgr/sigame.cc:1380:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(npc_name);
data/exult-1.6/gamemgr/sigame.cc:1430:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (selected == 0 && strlen(npc_name) > 0)
data/exult-1.6/gamemgr/sigame.cc:1431:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  npc_name[strlen(npc_name) - 1] = 0;
data/exult-1.6/gamemgr/sigame.cc:1440:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(npc_name);
data/exult-1.6/gamewin.cc:1357:17: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  identity_file.read(gamedat_identity, 256);
data/exult-1.6/gamewin.cc:1412:19: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void Game_window::read(
data/exult-1.6/gamewin.cc:1573:2: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read(); // This does the whole restore.
data/exult-1.6/gamewin.cc:2889:11: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  usecode->read(); // Read the usecode flags
data/exult-1.6/gamewin.h:560:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void read(); // Read in 'gamedat'.
data/exult-1.6/gumps/File_gump.cc:42:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/gumps/File_gump.cc:43:12: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  using std::strncpy;
data/exult-1.6/gumps/File_gump.cc:168:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(text, newtxt ? newtxt : "", max_size);
data/exult-1.6/gumps/File_gump.cc:169:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen(text);
data/exult-1.6/gumps/File_gump.cc:392:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gwin->read(); // And read the files in.
data/exult-1.6/gumps/Newfile_gump.cc:52:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/gumps/Newfile_gump.cc:53:12: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  using std::strncpy;
data/exult-1.6/gumps/Newfile_gump.cc:251:8: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gwin->read();
data/exult-1.6/gumps/Newfile_gump.cc:280:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (!strlen(newname) || selected == -3)
data/exult-1.6/gumps/Newfile_gump.cc:494:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string.
  std::strncat(info, "\nFile: ", sizeof(info) - strlen(info) - 1);
data/exult-1.6/gumps/Newfile_gump.cc:494:50: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::strncat(info, "\nFile: ", sizeof(info) - strlen(info) - 1);
data/exult-1.6/gumps/Newfile_gump.cc:496:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int offset = strlen(filename);
data/exult-1.6/gumps/Newfile_gump.cc:504:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  std::strncat(info, filename + offset, sizeof(info) - strlen(info) - 1);
data/exult-1.6/gumps/Newfile_gump.cc:504:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::strncat(info, filename + offset, sizeof(info) - strlen(info) - 1);
data/exult-1.6/gumps/Newfile_gump.cc:514:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int offset = strlen(filename);
data/exult-1.6/gumps/Newfile_gump.cc:522:9: [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings.
  std::strncat(info, filename + offset, sizeof(info) - strlen(info) - 1);
data/exult-1.6/gumps/Newfile_gump.cc:522:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  std::strncat(info, filename + offset, sizeof(info) - strlen(info) - 1);
data/exult-1.6/gumps/Newfile_gump.cc:644:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  cursor = strlen(newname);
data/exult-1.6/gumps/Newfile_gump.cc:881:49: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cursor == -1 || cursor == static_cast<int>(strlen(newname)))
data/exult-1.6/gumps/Newfile_gump.cc:883:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (unsigned i = cursor; i < strlen(newname); i++)
data/exult-1.6/gumps/Newfile_gump.cc:893:32: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cursor > static_cast<int>(strlen(newname))) cursor = strlen(newname);
data/exult-1.6/gumps/Newfile_gump.cc:893:59: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cursor > static_cast<int>(strlen(newname))) cursor = strlen(newname);
data/exult-1.6/gumps/Newfile_gump.cc:960:3: [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(cur_party[i].name, namestr.c_str(), 18);
data/exult-1.6/gumps/Newfile_gump.cc:1075:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = strlen(filename) - 1; !isdigit(filename[i]); i--)
data/exult-1.6/gumps/Notebook_gump.cc:188:2: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  read();
data/exult-1.6/gumps/Notebook_gump.cc:733:21: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  void Notebook_gump::read(
data/exult-1.6/gumps/Notebook_gump.h:102:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  static void read(); // Read it in.
data/exult-1.6/gumps/Sign_gump.cc:41:36: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!avatar->get_flag(Obj_flags::read))
data/exult-1.6/gumps/Sign_gump.cc:86:49: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  if (!serpentine && avatar->get_flag(Obj_flags::read)) {
data/exult-1.6/gumps/Spellbook_gump.cc:465:12: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  std::strcpy(text, "#"); // # = infinity in SI's font 5
data/exult-1.6/gumps/Spellbook_gump.cc:471:11: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  std::strcpy(text, "");
data/exult-1.6/gumps/Text_gump.cc:30:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/gumps/Text_gump.cc:39:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = strlen(str); // Length of new text.
data/exult-1.6/keyactions.cc:117:9: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  gwin->read();
data/exult-1.6/keys.cc:47:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/keys.cc:577:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(returned_key, ""); // prevent garbage text
data/exult-1.6/keys.cc:853:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; strlen(SDLKeyStringTable[i].s) > 0; i++)
data/exult-1.6/keys.cc:856:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; strlen(ExultActions[i].s) > 0; i++)
data/exult-1.6/mapedit/chunklst.cc:204:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  chunkfile.read(reinterpret_cast<char *>(data), chunksz);
data/exult-1.6/mapedit/chunklst.cc:770:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  chunkfile.read(v2buf, sizeof(v2buf));
data/exult-1.6/mapedit/combo.cc:478:29: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *Combo::read(
data/exult-1.6/mapedit/combo.cc:788:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buf);
data/exult-1.6/mapedit/combo.cc:848:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  combo->read(buf, len);
data/exult-1.6/mapedit/combo.h:85:23: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  const unsigned char *read(const unsigned char *buf, int bufsize);
data/exult-1.6/mapedit/execbox.cc:106:16: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((len = read(id, buf, sizeof(buf))) > 0)
data/exult-1.6/mapedit/execbox.cc:318:48: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gtk_text_buffer_insert_at_cursor(buffer, txt, strlen(txt));
data/exult-1.6/mapedit/maps.cc:170:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(fname + strlen(fname), "%02x", schunk);
data/exult-1.6/mapedit/maps.cc:172:20: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sprintf(tname + strlen(tname), "%02x", schunk);
data/exult-1.6/mapedit/npcedit.cc:826:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *numptr = name + strlen(name) - 1;
data/exult-1.6/mapedit/shapeedit.cc:3353:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (ucfun == eptr || strlen(ucfun) == 0)
data/exult-1.6/mapedit/shapefile.cc:346:6: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(entries[0], size);
data/exult-1.6/mapedit/shapefile.cc:443:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strcasecmp(".pal", bname + strlen(bname) - 4) == 0)
data/exult-1.6/mapedit/shapefile.cc:519:7: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  in.read(entries[0], sz);
data/exult-1.6/mapedit/shapefile.cc:547:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int namelen = strlen(basename);
data/exult-1.6/mapedit/shapefile.cc:625:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if (strcasecmp(".pal", basename + strlen(basename) - 4) == 0) {
data/exult-1.6/mapedit/shapegroup.cc:234:34: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  gname) + strlen(gname) + 1;
data/exult-1.6/mapedit/shapegroup.cc:374:14: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  long len = strlen(nm) + 1 + 2 + 2 * sz;
data/exult-1.6/mapedit/shapegroup.cc:377:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  unsigned char *ptr = buf + strlen(nm) + 1;
data/exult-1.6/mapedit/shapelst.cc:73:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  using std::strlen;
data/exult-1.6/mapedit/shapelst.cc:1234:29: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fullname = new char[strlen(fname) + 30];
data/exult-1.6/mapedit/shapelst.cc:1279:28: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *fullname = new char[strlen(fname) + 30];
data/exult-1.6/mapedit/shapelst.cc:1334:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(fname);
data/exult-1.6/mapedit/shapelst.cc:2460:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buf);
data/exult-1.6/mapedit/shapelst.cc:2473:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(buf);
data/exult-1.6/mapedit/studio.cc:596:3: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(path, ".");
data/exult-1.6/mapedit/studio.cc:852:27: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char *eptr = dir + strlen(dir) - 1;
data/exult-1.6/mapedit/studio.cc:1361:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int flen = strlen(fname);
data/exult-1.6/mapedit/studio.cc:1363:82: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcmp(fname, ".") || !strcmp(fname, "..") || strcasecmp(fname + flen - strlen(ext), ext) != 0) data/exult-1.6/mapedit/studio.cc:1378:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int flen = strlen(fname); data/exult-1.6/mapedit/studio.cc:1380:82: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!strcmp(fname, ".") || !strcmp(fname, "..") || strcasecmp(fname + flen - strlen(ext), ext) != 0) data/exult-1.6/mapedit/studio.cc:1689:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gtk_editable_insert_text(ed, text, strlen(text), &pos); data/exult-1.6/mapedit/studio.cc:2638:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(addr.sun_family) + strlen(addr.sun_path) + 1) == -1) { data/exult-1.6/mapedit/studio.cc:2825:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (size_t i = 0; i < strlen(menustr.c_str()); i++) data/exult-1.6/mapedit/tools/smooth/config.c:57:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). line_length = strlen(line); data/exult-1.6/mapedit/tools/smooth/config.c:83:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(line, line + 1, line_length - 3); // what's between the '[' and the ']' data/exult-1.6/mapedit/tools/smooth/config.c:120:10: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "%6s", col) != 1 || strlen(col) != 6) { // just read 6 characters to prevent buffer overflow data/exult-1.6/mapedit/tools/smooth/config.c:120:43: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (sscanf(line, "%6s", col) != 1 || strlen(col) != 6) { // just read 6 characters to prevent buffer overflow data/exult-1.6/mapedit/tools/smooth/image.c:87:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strncasecmp(img_out + strlen(img_out) - 4, ".bmp", 4)) { // img_out does not end in .bmp data/exult-1.6/mapedit/tools/smooth/param.c:32:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return(!strncmp(val, "-", 1) && strlen(val) == 2); data/exult-1.6/mapedit/tools/smooth/plugins/plugin_randomize.c:50:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i, size = strlen(line); data/exult-1.6/mapedit/tools/smooth/plugins/plugin_smooth.c:67:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int i, size = strlen(line); data/exult-1.6/mapedit/tools/smooth/plugins/plugin_stream.c:65:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int i, size = strlen(line); data/exult-1.6/mapedit/u7shp.c:250:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:256:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:257:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:265:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:266:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:276:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:277:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:278:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b2 = fgetc(f); data/exult-1.6/mapedit/u7shp.c:279:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b3 = fgetc(f); data/exult-1.6/mapedit/ucbrowse.cc:321:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
symtbl.read(in); data/exult-1.6/mapedit/uniquepal.c:39:28: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. for (c2 = 0; c2 < 256 && !equal; c2++) data/exult-1.6/mapedit/uniquepal.c:42:10: [1] (buffer) equal: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return !equal; data/exult-1.6/mapedit/uniquepal.c:68:9: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tmp = getc(fp); data/exult-1.6/msvc9/exconfig/exconfig.cpp:164:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = std::strlen(p); data/exult-1.6/msvc9/exconfig/exconfig.cpp:242:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(p, si_pathdef, MAX_STRLEN); data/exult-1.6/msvc9/exconfig/exconfig.cpp:252:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(lpszValue, bg_pathdef, MAX_STRLEN); data/exult-1.6/msvc9/exconfig/exconfig.cpp:260:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
std::strncpy(lpszValue, bg_pathdef, MAX_STRLEN); data/exult-1.6/msvc9/exconfig/exconfig.cpp:270:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = std::strlen(lpszValue); data/exult-1.6/msvc9/exconfig/exconfig.cpp:314:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = std::strlen(si_sfx); data/exult-1.6/msvc9/exconfig/exconfig.cpp:315:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen -= std::strlen("jmsfxsi.flx"); data/exult-1.6/msvc9/exconfig/exconfig.cpp:319:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(fixed, si_sfx, slen); data/exult-1.6/msvc9/msvc_kludges.h:133:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::wcslen; data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:164:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = std::strlen(p); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:242:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(p, si_pathdef, MAX_STRLEN); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:252:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
std::strncpy(lpszValue, bg_pathdef, MAX_STRLEN); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:260:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(lpszValue, bg_pathdef, MAX_STRLEN); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:270:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = std::strlen(lpszValue); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:314:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int slen = std::strlen(si_sfx); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:315:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). slen -= std::strlen("jmsfxsi.flx"); data/exult-1.6/msvcstuff/exconfig/exconfig.cpp:319:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(fixed, si_sfx, slen); data/exult-1.6/msvcstuff/msvc_kludges.h:142:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::wcslen; data/exult-1.6/opengl/model3ds.cc:71:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(v, sizeof(v)); data/exult-1.6/opengl/model3ds.cc:76:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(v, sizeof(v)); data/exult-1.6/opengl/model3ds.cc:87:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
in.read(v, sizeof(v)); data/exult-1.6/opengl/model3ds.cc:103:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(header, sizeof(header)); data/exult-1.6/opengl/model3ds.cc:216:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.seekg(len - read, ios::cur); data/exult-1.6/opengl/model3ds.cc:220:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). top_read += read; // Add to top's total. data/exult-1.6/opengl/model3ds.cc:246:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(c, 3); data/exult-1.6/opengl/model3ds.cc:252:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.seekg(len - read, ios::cur); data/exult-1.6/opengl/model3ds.cc:255:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). top_read += read; // Add to top's total. data/exult-1.6/opengl/model3ds.cc:282:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.seekg(len - read, ios::cur); //+++++++ data/exult-1.6/opengl/model3ds.cc:314:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.seekg(len - read, ios::cur); data/exult-1.6/opengl/model3ds.cc:318:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). top_read += read; // Add to top's total. data/exult-1.6/opengl/model3ds.cc:364:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.seekg(len - read, ios::cur); data/exult-1.6/opengl/model3ds.cc:368:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
top_read += read; // Add to top's total. data/exult-1.6/opengl/model3ds.cc:457:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.seekg(len - read, ios::cur); data/exult-1.6/opengl/model3ds.cc:461:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). top_read += read; // Add to top's total. data/exult-1.6/readnpcs.cc:62:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). main_actor->read(&nfile, 0, false, fix_unused); data/exult-1.6/readnpcs.cc:81:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). npcs[i]->read(&nfile, i, i < num_npcs1, fix_unused); data/exult-1.6/readnpcs.cc:109:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). act->read(&nfile, -1, false, fix_unused); data/exult-1.6/readnpcs.cc:219:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sfile.read(reinterpret_cast<char *>(ent), 4); data/exult-1.6/readnpcs.cc:224:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sfile.read(reinterpret_cast<char *>(ent), 8); data/exult-1.6/readnpcs.cc:270:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). sfile.read(nm, sz); data/exult-1.6/readnpcs.cc:320:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). total += 2 + strlen(*it); data/exult-1.6/readnpcs.cc:324:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(*it); data/exult-1.6/server/objserial.cc:43:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = std::strlen(str); // Get length. data/exult-1.6/server/servemsg.cc:90:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int len = read(socket, buf, 2); // Get magic. data/exult-1.6/server/servemsg.cc:103:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(socket, buf, 3) != 3) { data/exult-1.6/server/servemsg.cc:115:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). datalen = read(socket, data, dlen); // Read data. data/exult-1.6/server/server.cc:157:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sizeof(addr.sun_family) + strlen(addr.sun_path) + 1) == -1 || data/exult-1.6/server/server.cc:425:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). wptr += strlen(reinterpret_cast<char *>(wptr)) + 1; data/exult-1.6/server/servewin32.cc:90:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(int file, void *v, unsigned int len) { data/exult-1.6/server/servewin32.h:33:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int read(int file, void *v, unsigned int len); data/exult-1.6/shapeid.cc:259:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
fin.read(reinterpret_cast<char *>(blends), nblends * 4); data/exult-1.6/shapeid.cc:275:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fin.read(reinterpret_cast<char *>(blends), nblends * 4); data/exult-1.6/shapes/data_utils.h:257:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(const char *fname, bool patch, Exult_Game game) { data/exult-1.6/shapes/data_utils.h:266:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(Exult_Game game, int resource) { data/exult-1.6/shapes/data_utils.h:440:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(&(info.*data)), sizeof(T)); data/exult-1.6/shapes/data_utils.h:454:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(&(info.*data1)), sizeof(T1)); data/exult-1.6/shapes/data_utils.h:455:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(&(info.*data2)), sizeof(T2)); data/exult-1.6/shapes/data_utils.h:469:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (!cls->read(in, version, game)) { data/exult-1.6/shapes/data_utils.h:499:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). cls.read(in, version, game); data/exult-1.6/shapes/fontgen.cc:230:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(logfont.lfFaceName, famname, LF_FACESIZE - 1); data/exult-1.6/shapes/items.cc:251:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). items.read(newitem, itemlen); data/exult-1.6/shapes/shapeinf/ammoinf.cc:78:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Ammo_info::read( data/exult-1.6/shapes/shapeinf/ammoinf.cc:85:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(buf), sizeof(buf)); data/exult-1.6/shapes/shapeinf/ammoinf.h:63:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/aniinf.cc:37:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Animation_info::read( data/exult-1.6/shapes/shapeinf/aniinf.h:65:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/armorinf.cc:45:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Armor_info::read( data/exult-1.6/shapes/shapeinf/armorinf.cc:52:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(buf), sizeof(buf)); data/exult-1.6/shapes/shapeinf/armorinf.h:44:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/bodyinf.cc:31:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool Body_info::read( data/exult-1.6/shapes/shapeinf/bodyinf.h:46:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/continf.cc:31:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Content_rules::read( data/exult-1.6/shapes/shapeinf/continf.h:55:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/effhpinf.cc:31:25: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Effective_hp_info::read( data/exult-1.6/shapes/shapeinf/effhpinf.h:56:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/expinf.cc:31:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Explosion_info::read( data/exult-1.6/shapes/shapeinf/expinf.h:46:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/frflags.cc:31:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Frame_flags_info::read( data/exult-1.6/shapes/shapeinf/frflags.h:90:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/frnameinf.cc:31:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool Frame_name_info::read( data/exult-1.6/shapes/shapeinf/frnameinf.h:59:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/frusefun.cc:31:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Frame_usecode_info::read( data/exult-1.6/shapes/shapeinf/frusefun.h:61:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/monstinf.cc:41:20: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Monster_info::read( data/exult-1.6/shapes/shapeinf/monstinf.cc:48:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(buf), sizeof(buf)); data/exult-1.6/shapes/shapeinf/monstinf.h:132:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/npcdollinf.cc:31:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Paperdoll_npc::read( data/exult-1.6/shapes/shapeinf/npcdollinf.h:59:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/objdollinf.cc:31:22: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Paperdoll_item::read( data/exult-1.6/shapes/shapeinf/objdollinf.h:74:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/sfxinf.cc:31:16: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool SFX_info::read( data/exult-1.6/shapes/shapeinf/sfxinf.h:50:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/warminf.cc:31:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Warmth_info::read( data/exult-1.6/shapes/shapeinf/warminf.h:55:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapeinf/weaponinf.cc:105:19: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool Weapon_info::read( data/exult-1.6/shapes/shapeinf/weaponinf.cc:112:5: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(buf), sizeof(buf)); data/exult-1.6/shapes/shapeinf/weaponinf.h:93:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool read(std::istream &in, int version, Exult_Game game); data/exult-1.6/shapes/shapevga.cc:402:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). weapon.read(WEAPONS, false, game); data/exult-1.6/shapes/shapevga.cc:406:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ammo.read(AMMO, false, game); data/exult-1.6/shapes/shapevga.cc:410:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
monstinf.read(MONSTERS, false, game); data/exult-1.6/shapes/shapevga.cc:464:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). tfa.read(reinterpret_cast<char *>(&info[i].tfa[0]), 3); data/exult-1.6/shapes/shapevga.cc:475:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). stfa.read(reinterpret_cast<char *>(buf), 512); data/exult-1.6/shapes/shapevga.cc:528:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). occ.read(reinterpret_cast<char *>(occbits), sizeof(occbits)); data/exult-1.6/shapes/shapevga.cc:562:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). armor.read(ARMOR, false, game); data/exult-1.6/shapes/shapevga.cc:563:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). armor.read(PATCH_ARMOR, true, game); data/exult-1.6/shapes/shapevga.cc:568:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). weapon.read(WEAPONS, false, game); data/exult-1.6/shapes/shapevga.cc:569:9: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). weapon.read(PATCH_WEAPONS, true, game); data/exult-1.6/shapes/shapevga.cc:574:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ammo.read(AMMO, false, game); data/exult-1.6/shapes/shapevga.cc:575:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ammo.read(PATCH_AMMO, true, game); data/exult-1.6/shapes/shapevga.cc:580:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
monstinf.read(MONSTERS, false, game); data/exult-1.6/shapes/shapevga.cc:581:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). monstinf.read(PATCH_MONSTERS, true, game); data/exult-1.6/shapes/shapevga.cc:586:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gump.read(game, game == BLACK_GATE ? data/exult-1.6/shapes/shapevga.cc:589:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gump.read(CONTAINER, false, game); data/exult-1.6/shapes/shapevga.cc:590:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). gump.read(PATCH_CONTAINER, true, game); data/exult-1.6/shapes/shapevga.cc:596:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ready.read(READY, false, game); data/exult-1.6/shapes/shapevga.cc:597:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ready.read(PATCH_READY, true, game); data/exult-1.6/shapes/vgafile.cc:335:27: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned int Shape_frame::read( data/exult-1.6/shapes/vgafile.cc:381:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). shapes->read(reinterpret_cast<char *>(data), c_num_tile_bytes); data/exult-1.6/shapes/vgafile.cc:403:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). shapes->read(reinterpret_cast<char *>(data), len); data/exult-1.6/shapes/vgafile.cc:806:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
Shape_frame *Shape::read( data/exult-1.6/shapes/vgafile.cc:859:23: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). int nframes = frame->read(shp, shapeoff, shapelen, framenum); data/exult-1.6/shapes/vgafile.cc:1016:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). create_frames_list(frame->read(shape_source, location, shapelen, 0)); data/exult-1.6/shapes/vgafile.cc:1021:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). frame->read(shape_source, location, shapelen, i); data/exult-1.6/shapes/vgafile.h:120:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned int read(IDataSource *shapes, uint32 shapeoff, data/exult-1.6/shapes/vgafile.h:208:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Shape_frame *read(std::vector<std::pair<IDataSource *, bool> > const &shapes, int shnum, data/exult-1.6/shapes/vgafile.h:241:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). read(shapes, shnum, frnum, counts, src); data/exult-1.6/tools/expack.cc:374:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ifs.read(buf, fsize); data/exult-1.6/tools/ipack.cc:54:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/tools/ipack.cc:97:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int namelen = strlen(basename) + strlen("SSSS_") + 1; data/exult-1.6/tools/ipack.cc:97:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int namelen = strlen(basename) + strlen("SSSS_") + 1; data/exult-1.6/tools/ipack.cc:412:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *txtpal = new char[strlen(palname) + 10]; data/exult-1.6/tools/ipack.cc:449:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fullname = new char[strlen(basename) + 30]; data/exult-1.6/tools/ipack.cc:675:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *fullname = new char[strlen(basename) + 30]; data/exult-1.6/tools/rip.cc:41:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). s[strlen(s) - 1] = 0; data/exult-1.6/tools/rip.cc:48:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fi2); data/exult-1.6/tools/rip.cc:141:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fputc(fgetc(fi), fo); data/exult-1.6/tools/rip.cc:181:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fputc(fgetc(fo), fi); /* write. 
Without them they */ data/exult-1.6/tools/shp2pcx.cc:55:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/tools/shp2pcx.cc:95:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:101:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:102:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:110:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:111:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:121:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:122:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:123:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b2 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:124:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b3 = fgetc(f); data/exult-1.6/tools/shp2pcx.cc:426:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(outprefix) > 128) { data/exult-1.6/tools/splitshp.cc:36:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/tools/splitshp.cc:55:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/splitshp.cc:61:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/splitshp.cc:62:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/tools/splitshp.cc:69:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/splitshp.cc:70:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/tools/splitshp.cc:80:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b0 = fgetc(f); data/exult-1.6/tools/splitshp.cc:81:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b1 = fgetc(f); data/exult-1.6/tools/splitshp.cc:82:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b2 = fgetc(f); data/exult-1.6/tools/splitshp.cc:83:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). b3 = fgetc(f); data/exult-1.6/tools/splitshp.cc:95:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
char *fn = new char[strlen(shapefilename) + 5]; //_xxx\0 data/exult-1.6/tools/splitshp.cc:105:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dotpos = strlen(shapefilename); data/exult-1.6/tools/u7voice2syx.cc:323:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ds.read(sysex_buffer + 8, timbre_mem_size); data/exult-1.6/tools/wuc.cc:76:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (token[strlen(token) - 1] == ':') data/exult-1.6/tools/wuc.cc:77:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). token[strlen(token) - 1] = 0; data/exult-1.6/tools/wuc.cc:129:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fi); data/exult-1.6/tools/wuc.cc:137:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fi)) != '\n') /* do nothing */ ; data/exult-1.6/tools/wuc.cc:141:16: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while ((c = fgetc(fi)) != '\n') { data/exult-1.6/tools/wuc.cc:151:7: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(fi); data/exult-1.6/tools/wuc.cc:203:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(token) > 1 && token[strlen(token) - 1] == ':') { data/exult-1.6/tools/wuc.cc:203:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(token) > 1 && token[strlen(token) - 1] == ':') { data/exult-1.6/tools/wuc.cc:204:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). token[strlen(token) - 1] = 0; // remove trailing ':' data/exult-1.6/tools/wuc.cc:249:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 1; i < strlen(token); i++) data/exult-1.6/txtscroll.cc:48:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/txtscroll.cc:109:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). char *txt = new char[strlen(ptr) + 1]; data/exult-1.6/usecode/compiler/ucfun.cc:44:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/usecode/compiler/ucfun.cc:392:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int textlen = strlen(text) + 1; // Got to include ending null. data/exult-1.6/usecode/compiler/ucfun.cc:416:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(text); data/exult-1.6/usecode/compiler/ucloc.cc:35:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/usecode/compiler/ucloc.cc:62:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(s); data/exult-1.6/usecode/compiler/ucmain.cc:45:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/usecode/compiler/ucmain.cc:90:14: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). outname = strncpy(outbuf, src, sizeof(outbuf) - 5); data/exult-1.6/usecode/compiler/ucmain.cc:94:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dot = outname + strlen(outname); data/exult-1.6/usecode/intrinsics.cc:1698:61: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bool do_serp = gwin->get_main_actor()->get_flag(Obj_flags::read) == false; data/exult-1.6/usecode/intrinsics.cc:3331:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spec = fmt + std::strlen(fmt); data/exult-1.6/usecode/keyring.cc:33:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Keyring::read() { data/exult-1.6/usecode/keyring.h:28:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void read(); // read from KEYRING.DAT data/exult-1.6/usecode/ucdisasm.cc:31:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/usecode/ucdisasm.cc:87:7: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(pdesc->mnemonic) < 4) data/exult-1.6/usecode/ucdisasm.cc:118:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(pstr); data/exult-1.6/usecode/ucdisasm.cc:124:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (len < strlen(pstr)) data/exult-1.6/usecode/ucfunction.cc:56:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). file.read(reinterpret_cast<char *>(code), len); data/exult-1.6/usecode/ucinternal.cc:102:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). using std::strlen; data/exult-1.6/usecode/ucinternal.cc:448:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = String ? strlen(String) : 0; data/exult-1.6/usecode/ucinternal.cc:449:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len += strlen(str); data/exult-1.6/usecode/ucinternal.cc:1821:11: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). symtbl->read(file); data/exult-1.6/usecode/ucinternal.cc:3201:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nfile->write2(strlen(nm)); data/exult-1.6/usecode/ucinternal.cc:3202:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nfile->write(nm, strlen(nm)); data/exult-1.6/usecode/ucinternal.cc:3227:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Usecode_internal::read( data/exult-1.6/usecode/ucinternal.cc:3230:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). keyring->read(); // read keyring data data/exult-1.6/usecode/ucinternal.cc:3242:6: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in.read(reinterpret_cast<char *>(gflags), filesize); data/exult-1.6/usecode/ucinternal.cc:3314:10: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nfile.read(nm, len); data/exult-1.6/usecode/ucinternal.h:498:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read(); // Read in 'gamedat/usecode.dat'. data/exult-1.6/usecode/ucmachine.h:102:15: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). virtual void read() = 0; // Read in 'gamedat/usecode.dat'. data/exult-1.6/usecode/ucsymtbl.cc:46:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
void Usecode_scope_symbol::read(istream &in) { data/exult-1.6/usecode/ucsymtbl.cc:60:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s->read(in); data/exult-1.6/usecode/ucsymtbl.cc:93:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). out.write(nm, strlen(nm) + 1); data/exult-1.6/usecode/ucsymtbl.cc:208:28: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void Usecode_class_symbol::read(istream &in) { data/exult-1.6/usecode/ucsymtbl.cc:209:24: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Usecode_scope_symbol::read(in); data/exult-1.6/usecode/ucsymtbl.h:96:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(std::istream &in); data/exult-1.6/usecode/ucsymtbl.h:137:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). void read(std::istream &in); data/exult-1.6/usecode/ucxt/src/ucdata.cc:95:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (stopstr - argv[i] < static_cast<int>(strlen(argv[i]))) data/exult-1.6/usecode/ucxt/src/ucdata.cc:352:12: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). _symtbl->read(_file); data/exult-1.6/usecode/useval.cc:47:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
using std::strlen; data/exult-1.6/usecode/useval.cc:414:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int newlen = strlen(v2.get_str_value()) + 32; data/exult-1.6/usecode/useval.cc:427:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int newlen = strlen(v1.get_str_value()) + 32; data/exult-1.6/usecode/useval.cc:435:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int newlen = strlen(v1.get_str_value()) + data/exult-1.6/usecode/useval.cc:436:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(v2.get_str_value()) + 32; data/exult-1.6/usecode/useval.cc:489:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int newlen = strlen(v1.get_str_value()) + data/exult-1.6/usecode/useval.cc:490:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(v2.get_str_value()) + 32; data/exult-1.6/usecode/useval.cc:539:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = std::strlen(classname); data/exult-1.6/usecode/useval.cc:545:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = std::strlen(value.str); data/exult-1.6/usecode/useval.cc:589:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in->read(nm, len); data/exult-1.6/usecode/useval.cc:598:7: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). in->read(value.str, len); data/exult-1.6/win32/exconfig.cc:191:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = std::strlen(p); data/exult-1.6/win32/exconfig.cc:224:20: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant string. if (network) std::strncat(p, "\\\\", max_strlen); data/exult-1.6/win32/exconfig.cc:226:12: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. else std::strncat(p, "\\", max_strlen); data/exult-1.6/win32/exconfig.cc:230:8: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. std::strncat(p, d->name, max_strlen); data/exult-1.6/win32/exconfig.cc:232:15: [1] (buffer) strncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf, or automatically resizing strings. Risk is low because the source is a constant character. 
if (d) std::strncat(p, "\\", max_strlen); data/exult-1.6/win32/exconfig.cc:254:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int p_size = strlen(ExultDir) + strlen("/exult.cfg") + MAX_STRLEN; data/exult-1.6/win32/exconfig.cc:254:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int p_size = strlen(ExultDir) + strlen("/exult.cfg") + MAX_STRLEN; data/exult-1.6/win32/exconfig.cc:285:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(SIPath, si_pathdef, MaxPath); data/exult-1.6/win32/exconfig.cc:295:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(BGPath, bg_pathdef, MaxPath); data/exult-1.6/win32/exconfig.cc:298:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(BGPath, bg_pathdef, MaxPath); data/exult-1.6/win32/exconfig.cc:299:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). std::strncpy(SIPath, si_pathdef, MaxPath); data/exult-1.6/win32/exconfig.cc:315:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int p_size = strlen(ExultDir) + strlen("/exult.cfg") + MAX_STRLEN; data/exult-1.6/win32/exconfig.cc:315:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int p_size = strlen(ExultDir) + strlen("/exult.cfg") + MAX_STRLEN;
data/exult-1.6/win32/exconfig.cc:352:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int slen = std::strlen(si_sfx);
data/exult-1.6/win32/exconfig.cc:353:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  slen -= std::strlen("jmsfxsi.flx");
data/exult-1.6/win32/exconfig.cc:357:10: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  std::strncpy(fixed, si_sfx, slen);

ANALYSIS SUMMARY:

Hits = 1486
Lines analyzed = 218507 in approximately 5.13 seconds (42563 lines/second)
Physical Source Lines of Code (SLOC) = 159884
Hits@level = [0] 453 [1] 501 [2] 734 [3] 29 [4] 206 [5] 16
Hits@level+ = [0+] 1939 [1+] 1486 [2+] 985 [3+] 251 [4+] 222 [5+] 16
Hits/KSLOC@level+ = [0+] 12.1275 [1+] 9.29424 [2+] 6.16072 [3+] 1.56989 [4+] 1.38851 [5+] 0.100073
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.