Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/goxel-0.10.6/ext_src/glew/GL/glew.h
Examining data/goxel-0.10.6/ext_src/glew/GL/wglew.h
Examining data/goxel-0.10.6/ext_src/glew/glew.c
Examining data/goxel-0.10.6/ext_src/imgui/imconfig.h
Examining data/goxel-0.10.6/ext_src/imgui/imgui.cpp
Examining data/goxel-0.10.6/ext_src/imgui/imgui.h
Examining data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp
Examining data/goxel-0.10.6/ext_src/imgui/imgui_internal.h
Examining data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp
Examining data/goxel-0.10.6/ext_src/imgui/imstb_rectpack.h
Examining data/goxel-0.10.6/ext_src/imgui/imstb_textedit.h
Examining data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h
Examining data/goxel-0.10.6/ext_src/inih/ini.c
Examining data/goxel-0.10.6/ext_src/inih/ini.h
Examining data/goxel-0.10.6/ext_src/json/json-builder.c
Examining data/goxel-0.10.6/ext_src/json/json-builder.h
Examining data/goxel-0.10.6/ext_src/json/json.c
Examining data/goxel-0.10.6/ext_src/json/json.h
Examining data/goxel-0.10.6/ext_src/lua/lapi.c
Examining data/goxel-0.10.6/ext_src/lua/lapi.h
Examining data/goxel-0.10.6/ext_src/lua/lauxlib.c
Examining data/goxel-0.10.6/ext_src/lua/lauxlib.h
Examining data/goxel-0.10.6/ext_src/lua/lbaselib.c
Examining data/goxel-0.10.6/ext_src/lua/lbitlib.c
Examining data/goxel-0.10.6/ext_src/lua/lcode.c
Examining data/goxel-0.10.6/ext_src/lua/lcode.h
Examining data/goxel-0.10.6/ext_src/lua/lcorolib.c
Examining data/goxel-0.10.6/ext_src/lua/lctype.c
Examining data/goxel-0.10.6/ext_src/lua/lctype.h
Examining data/goxel-0.10.6/ext_src/lua/ldblib.c
Examining data/goxel-0.10.6/ext_src/lua/ldebug.c
Examining data/goxel-0.10.6/ext_src/lua/ldebug.h
Examining data/goxel-0.10.6/ext_src/lua/ldo.c
Examining data/goxel-0.10.6/ext_src/lua/ldo.h
Examining data/goxel-0.10.6/ext_src/lua/ldump.c
Examining data/goxel-0.10.6/ext_src/lua/lfunc.c
Examining data/goxel-0.10.6/ext_src/lua/lfunc.h
Examining data/goxel-0.10.6/ext_src/lua/lgc.c
Examining data/goxel-0.10.6/ext_src/lua/lgc.h
Examining data/goxel-0.10.6/ext_src/lua/linit.c
Examining data/goxel-0.10.6/ext_src/lua/liolib.c
Examining data/goxel-0.10.6/ext_src/lua/llex.c
Examining data/goxel-0.10.6/ext_src/lua/llex.h
Examining data/goxel-0.10.6/ext_src/lua/llimits.h
Examining data/goxel-0.10.6/ext_src/lua/lmathlib.c
Examining data/goxel-0.10.6/ext_src/lua/lmem.c
Examining data/goxel-0.10.6/ext_src/lua/lmem.h
Examining data/goxel-0.10.6/ext_src/lua/loadlib.c
Examining data/goxel-0.10.6/ext_src/lua/lobject.c
Examining data/goxel-0.10.6/ext_src/lua/lobject.h
Examining data/goxel-0.10.6/ext_src/lua/lopcodes.c
Examining data/goxel-0.10.6/ext_src/lua/lopcodes.h
Examining data/goxel-0.10.6/ext_src/lua/loslib.c
Examining data/goxel-0.10.6/ext_src/lua/lparser.c
Examining data/goxel-0.10.6/ext_src/lua/lparser.h
Examining data/goxel-0.10.6/ext_src/lua/lprefix.h
Examining data/goxel-0.10.6/ext_src/lua/lstate.c
Examining data/goxel-0.10.6/ext_src/lua/lstate.h
Examining data/goxel-0.10.6/ext_src/lua/lstring.c
Examining data/goxel-0.10.6/ext_src/lua/lstring.h
Examining data/goxel-0.10.6/ext_src/lua/lstrlib.c
Examining data/goxel-0.10.6/ext_src/lua/ltable.c
Examining data/goxel-0.10.6/ext_src/lua/ltable.h
Examining data/goxel-0.10.6/ext_src/lua/ltablib.c
Examining data/goxel-0.10.6/ext_src/lua/ltm.c
Examining data/goxel-0.10.6/ext_src/lua/ltm.h
Examining data/goxel-0.10.6/ext_src/lua/lua.h
Examining data/goxel-0.10.6/ext_src/lua/luaconf.h
Examining data/goxel-0.10.6/ext_src/lua/lualib.h
Examining data/goxel-0.10.6/ext_src/lua/lundump.c
Examining data/goxel-0.10.6/ext_src/lua/lundump.h
Examining data/goxel-0.10.6/ext_src/lua/lutf8lib.c
Examining data/goxel-0.10.6/ext_src/lua/lvm.c
Examining data/goxel-0.10.6/ext_src/lua/lvm.h
Examining data/goxel-0.10.6/ext_src/lua/lzio.c
Examining data/goxel-0.10.6/ext_src/lua/lzio.h
Examining data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h
Examining data/goxel-0.10.6/ext_src/stb/stb_image.h
Examining data/goxel-0.10.6/ext_src/stb/stb_image_write.h
Examining data/goxel-0.10.6/ext_src/stb/stb_rect_pack.h
Examining data/goxel-0.10.6/ext_src/stb/stb_textedit.h
Examining data/goxel-0.10.6/ext_src/stb/stb_truetype.h
Examining data/goxel-0.10.6/ext_src/uthash/utarray.h
Examining data/goxel-0.10.6/ext_src/uthash/uthash.h
Examining data/goxel-0.10.6/ext_src/uthash/utlist.h
Examining data/goxel-0.10.6/ext_src/xxhash/xxhash.c
Examining data/goxel-0.10.6/ext_src/xxhash/xxhash.h
Examining data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h
Examining data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp
Examining data/goxel-0.10.6/ext_src/yocto/ext/happly.h
Examining data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h
Examining data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h
Examining data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h
Examining data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_bvh.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_image.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_math.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_obj.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_obj.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_random.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_scene.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_scene.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_shape.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_shape.h
Examining data/goxel-0.10.6/ext_src/yocto/yocto_trace.cpp
Examining data/goxel-0.10.6/ext_src/yocto/yocto_trace.h
Examining data/goxel-0.10.6/osx/goxel/goxel/goxel-Bridging-Header.h
Examining data/goxel-0.10.6/src/action.c
Examining data/goxel-0.10.6/src/action.h
Examining data/goxel-0.10.6/src/assets.c
Examining data/goxel-0.10.6/src/assets.h
Examining data/goxel-0.10.6/src/block_def.h
Examining data/goxel-0.10.6/src/box_edit.c
Examining data/goxel-0.10.6/src/camera.c
Examining data/goxel-0.10.6/src/camera.h
Examining data/goxel-0.10.6/src/config.h
Examining data/goxel-0.10.6/src/formats/dicom.c
Examining data/goxel-0.10.6/src/formats/gltf.c
Examining data/goxel-0.10.6/src/formats/gox.c
Examining data/goxel-0.10.6/src/formats/png.c
Examining data/goxel-0.10.6/src/formats/png_slices.c
Examining data/goxel-0.10.6/src/formats/povray.c
Examining data/goxel-0.10.6/src/formats/qubicle.c
Examining data/goxel-0.10.6/src/formats/txt.c
Examining data/goxel-0.10.6/src/formats/vox.c
Examining data/goxel-0.10.6/src/formats/voxlap.c
Examining data/goxel-0.10.6/src/formats/vxl.c
Examining data/goxel-0.10.6/src/formats/wavefront.c
Examining data/goxel-0.10.6/src/gesture.c
Examining data/goxel-0.10.6/src/gesture.h
Examining data/goxel-0.10.6/src/gesture3d.c
Examining data/goxel-0.10.6/src/gesture3d.h
Examining data/goxel-0.10.6/src/glew-mx.h
Examining data/goxel-0.10.6/src/goxel.c
Examining data/goxel-0.10.6/src/goxel.h
Examining data/goxel-0.10.6/src/gui.cpp
Examining data/goxel-0.10.6/src/gui.h
Examining data/goxel-0.10.6/src/gui/about.c
Examining data/goxel-0.10.6/src/gui/app.c
Examining data/goxel-0.10.6/src/gui/cameras_panel.c
Examining data/goxel-0.10.6/src/gui/debug_panel.c
Examining data/goxel-0.10.6/src/gui/export_panel.c
Examining data/goxel-0.10.6/src/gui/image_panel.c
Examining data/goxel-0.10.6/src/gui/layers_panel.c
Examining data/goxel-0.10.6/src/gui/light_panel.c
Examining data/goxel-0.10.6/src/gui/material_panel.c
Examining data/goxel-0.10.6/src/gui/menu.c
Examining data/goxel-0.10.6/src/gui/palette_panel.c
Examining data/goxel-0.10.6/src/gui/render_panel.c
Examining data/goxel-0.10.6/src/gui/settings.c
Examining data/goxel-0.10.6/src/gui/tools_panel.c
Examining data/goxel-0.10.6/src/gui/topbar.c
Examining data/goxel-0.10.6/src/gui/view_panel.c
Examining data/goxel-0.10.6/src/image.c
Examining data/goxel-0.10.6/src/image.h
Examining data/goxel-0.10.6/src/imgui.cpp
Examining data/goxel-0.10.6/src/inputs.h
Examining data/goxel-0.10.6/src/layer.c
Examining data/goxel-0.10.6/src/layer.h
Examining data/goxel-0.10.6/src/log.h
Examining data/goxel-0.10.6/src/luagoxel.c
Examining data/goxel-0.10.6/src/luagoxel.h
Examining data/goxel-0.10.6/src/main.c
Examining data/goxel-0.10.6/src/marchingcube.c
Examining data/goxel-0.10.6/src/material.c
Examining data/goxel-0.10.6/src/material.h
Examining data/goxel-0.10.6/src/mesh.c
Examining data/goxel-0.10.6/src/mesh.h
Examining data/goxel-0.10.6/src/mesh_to_vertices.c
Examining data/goxel-0.10.6/src/mesh_utils.c
Examining data/goxel-0.10.6/src/mesh_utils.h
Examining data/goxel-0.10.6/src/meta.c
Examining data/goxel-0.10.6/src/meta.h
Examining data/goxel-0.10.6/src/model3d.c
Examining data/goxel-0.10.6/src/model3d.h
Examining data/goxel-0.10.6/src/palette.c
Examining data/goxel-0.10.6/src/palette.h
Examining data/goxel-0.10.6/src/pathtracer.cpp
Examining data/goxel-0.10.6/src/pathtracer.h
Examining data/goxel-0.10.6/src/procedural.c
Examining data/goxel-0.10.6/src/procedural.h
Examining data/goxel-0.10.6/src/quantization.c
Examining data/goxel-0.10.6/src/render.c
Examining data/goxel-0.10.6/src/render.h
Examining data/goxel-0.10.6/src/script.c
Examining data/goxel-0.10.6/src/shader_cache.c
Examining data/goxel-0.10.6/src/shader_cache.h
Examining data/goxel-0.10.6/src/shape.c
Examining data/goxel-0.10.6/src/shape.h
Examining data/goxel-0.10.6/src/system.c
Examining data/goxel-0.10.6/src/system.h
Examining data/goxel-0.10.6/src/tests.c
Examining data/goxel-0.10.6/src/theme.c
Examining data/goxel-0.10.6/src/theme.h
Examining data/goxel-0.10.6/src/tools.c
Examining data/goxel-0.10.6/src/tools.h
Examining data/goxel-0.10.6/src/tools/brush.c
Examining data/goxel-0.10.6/src/tools/color_picker.c
Examining data/goxel-0.10.6/src/tools/extrude.c
Examining data/goxel-0.10.6/src/tools/fuzzy_select.c
Examining data/goxel-0.10.6/src/tools/laser.c
Examining data/goxel-0.10.6/src/tools/line.c
Examining data/goxel-0.10.6/src/tools/move.c
Examining data/goxel-0.10.6/src/tools/plane.c
Examining data/goxel-0.10.6/src/tools/procedural.c
Examining data/goxel-0.10.6/src/tools/selection.c
Examining data/goxel-0.10.6/src/tools/shape.c
Examining data/goxel-0.10.6/src/utils.c
Examining data/goxel-0.10.6/src/utils/b64.c
Examining data/goxel-0.10.6/src/utils/b64.h
Examining data/goxel-0.10.6/src/utils/box.c
Examining data/goxel-0.10.6/src/utils/box.h
Examining data/goxel-0.10.6/src/utils/cache.c
Examining data/goxel-0.10.6/src/utils/cache.h
Examining data/goxel-0.10.6/src/utils/color.c
Examining data/goxel-0.10.6/src/utils/color.h
Examining data/goxel-0.10.6/src/utils/gl.c
Examining data/goxel-0.10.6/src/utils/gl.h
Examining data/goxel-0.10.6/src/utils/img.c
Examining data/goxel-0.10.6/src/utils/img.h
Examining data/goxel-0.10.6/src/utils/ini.c
Examining data/goxel-0.10.6/src/utils/ini.h
Examining data/goxel-0.10.6/src/utils/json.c
Examining data/goxel-0.10.6/src/utils/json.h
Examining data/goxel-0.10.6/src/utils/mustache.c
Examining data/goxel-0.10.6/src/utils/mustache.h
Examining data/goxel-0.10.6/src/utils/plane.h
Examining data/goxel-0.10.6/src/utils/sound.c
Examining data/goxel-0.10.6/src/utils/sound.h
Examining data/goxel-0.10.6/src/utils/texture.c
Examining data/goxel-0.10.6/src/utils/texture.h
Examining data/goxel-0.10.6/src/utils/vec.c
Examining data/goxel-0.10.6/src/utils/vec.h
Examining data/goxel-0.10.6/src/xxhash.c
Examining data/goxel-0.10.6/src/yocto.cpp

FINAL RESULTS:

data/goxel-0.10.6/ext_src/stb/stb_image.h:1198:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/goxel-0.10.6/ext_src/stb/stb_image.h:1201:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:307:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:310:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1708:21:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
        auto rc = ::readlink(p.c_str(), buffer.data(), buffer.size());
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:3946:15:  [5] (race) chmod:
  This accepts filename arguments; if an attacker can move those files, a
  race condition results. (CWE-362). Use fchmod( ) instead.
        if (::chmod(p.c_str(), static_cast<mode_t>(prms)) != 0) {
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1198:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1201:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:312:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:315:11:  [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
  it appears that the size is given as bytes, but the function requires size
  as characters.
	if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/goxel-0.10.6/ext_src/glew/GL/glew.h:1696:72:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void* (GLAPIENTRY * PFNGLMAPBUFFERPROC) (GLenum target, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:3608:90:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (GLAPIENTRY * PFNGLMAKEIMAGEHANDLERESIDENTARBPROC) (GLuint64 handle, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:4077:78:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void * (GLAPIENTRY * PFNGLMAPNAMEDBUFFERPROC) (GLuint buffer, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:4078:123:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void * (GLAPIENTRY * PFNGLMAPNAMEDBUFFERRANGEPROC) (GLuint buffer, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:5221:118:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void * (GLAPIENTRY * PFNGLMAPBUFFERRANGEPROC) (GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:6174:137:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (GLAPIENTRY * PFNGLBINDIMAGETEXTUREPROC) (GLuint unit, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLenum format);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:7624:76:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void * (GLAPIENTRY * PFNGLMAPBUFFERARBPROC) (GLenum target, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:9120:81:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void * (GLAPIENTRY * PFNGLMAPNAMEDBUFFEREXTPROC) (GLuint buffer, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:9121:126:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void * (GLAPIENTRY * PFNGLMAPNAMEDBUFFERRANGEEXTPROC) (GLuint buffer, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:10539:141:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (GLAPIENTRY * PFNGLBINDIMAGETEXTUREEXTPROC) (GLuint index, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLint format);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:11852:99:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void * (GLAPIENTRY * PFNGLMAPTEXTURE2DINTELPROC) (GLuint texture, GLint level, GLbitfield access, GLint* stride, GLenum *layout);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:12414:89:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (GLAPIENTRY * PFNGLMAKEIMAGEHANDLERESIDENTNVPROC) (GLuint64 handle, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:14012:82:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (GLAPIENTRY * PFNGLMAKEBUFFERRESIDENTNVPROC) (GLenum target, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:14014:87:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (GLAPIENTRY * PFNGLMAKENAMEDBUFFERRESIDENTNVPROC) (GLuint buffer, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/glew.h:14466:93:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef void (GLAPIENTRY * PFNGLVDPAUSURFACEACCESSNVPROC) (GLvdpauSurfaceNV surface, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/wglew.h:903:76:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef BOOL (WINAPI * PFNWGLDXOBJECTACCESSNVPROC) (HANDLE hObject, GLenum access);
data/goxel-0.10.6/ext_src/glew/GL/wglew.h:905:122:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
typedef HANDLE (WINAPI * PFNWGLDXREGISTEROBJECTNVPROC) (HANDLE hDevice, void* dxObject, GLuint name, GLenum type, GLenum access);
data/goxel-0.10.6/ext_src/glew/glew.c:152:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(symbolName+1, (const char*)name);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1369:35:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#if defined(_MSC_VER) && !defined(vsnprintf)
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1370:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf _vsnprintf
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1380:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    int w = vsnprintf(buf, buf_size, fmt, args);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1396:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    int w = vsnprintf(buf, buf_size, fmt, args);
data/goxel-0.10.6/ext_src/imgui/imgui.h:82:59:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define IM_FMTARGS(FMT)             __attribute__((format(printf, FMT, FMT+1))) // To apply printf-style warnings to our functions.
data/goxel-0.10.6/ext_src/imgui/imgui.h:83:59:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define IM_FMTLIST(FMT)             __attribute__((format(printf, FMT, 0)))
data/goxel-0.10.6/ext_src/imgui/imgui_internal.h:150:41:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define IMGUI_DEBUG_LOG(_FMT,...)       printf("[%05d] " _FMT, GImGui->FrameCount, __VA_ARGS__)
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1820:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if (op && sscanf(initial_value_buf, format, &arg0i) < 1)
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1826:35:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        else                { if (sscanf(buf, format, &arg1i) == 1) *v = arg1i; }                           // Assign constant
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1834:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if (op && sscanf(initial_value_buf, format, &arg0f) < 1)
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1836:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if (sscanf(buf, format, &arg1f) < 1)
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1848:19:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if (op && sscanf(initial_value_buf, format, &arg0f) < 1)
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1850:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        if (sscanf(buf, format, &arg1f) < 1)
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1861:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        sscanf(buf, format, p_data);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1867:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
        sscanf(buf, format, &v32);
data/goxel-0.10.6/ext_src/json/json-builder.c:39:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    #define snprintf _snprintf
data/goxel-0.10.6/ext_src/json/json-builder.c:39:22:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    #define snprintf _snprintf
data/goxel-0.10.6/ext_src/json/json.c:932:10:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
         strcpy (error_buf, error);
data/goxel-0.10.6/ext_src/lua/lauxlib.h:234:10:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
        (fprintf(stderr, (s), (p)), fflush(stderr))
data/goxel-0.10.6/ext_src/lua/liolib.c:59:40:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define l_popen(L,c,m)		(fflush(NULL), popen(c,m))
data/goxel-0.10.6/ext_src/lua/liolib.c:627:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                ? fprintf(f, LUA_INTEGER_FMT,
data/goxel-0.10.6/ext_src/lua/liolib.c:629:19:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                : fprintf(f, LUA_NUMBER_FMT,
data/goxel-0.10.6/ext_src/lua/lobject.c:286:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buff, s);  /* copy string to buffer */
data/goxel-0.10.6/ext_src/lua/loslib.c:122:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(b, LUA_TMPNAMTEMPLATE); \
data/goxel-0.10.6/ext_src/lua/loslib.c:143:14:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  int stat = system(cmd);
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1010:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(form + l - 1, lenmod);
data/goxel-0.10.6/ext_src/lua/luaconf.h:606:29:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define l_sprintf(s,sz,f,i)	snprintf(s,sz,f,i)
data/goxel-0.10.6/ext_src/lua/luaconf.h:608:42:  [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
#define l_sprintf(s,sz,f,i)	((void)(sz), sprintf(s,f,i))
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:128:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(buf, filters);
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:187:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(ofn.lpstrFile, default_name);
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:257:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(buf, filters);
data/goxel-0.10.6/ext_src/uthash/uthash.h:525:29:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
#define HASH_OOPS(...) do { fprintf(stderr,__VA_ARGS__); exit(-1); } while (0)
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:835:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(path + prefix, uri);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:839:3:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		strcpy(path, base);
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:1130:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    if (fprintf(fs, i ? ",%g" : "%g", (&value.x.x)[i]) < 0)
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:1736:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    if (fprintf(fs, i ? " %g" : "%g", (&value.x.x)[i]) < 0)
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:2642:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    if (fprintf(state.fs, i ? ", %g" : "%g", (&value.x.x)[i]) < 0)
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:3824:9:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    if (fprintf(fs, i ? " %g" : "%g", (&value.x.x)[i]) < 0)
data/goxel-0.10.6/src/action.c:39:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(item->action.shortcut, item->action.default_shortcut);
data/goxel-0.10.6/src/formats/gox.c:585:21:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                    sprintf(layer->name, "%s", dict_value);
data/goxel-0.10.6/src/goxel.c:432:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "Goxel %s%s %s", GOXEL_VERSION_STR, DEBUG ? " (debug)" : "",
data/goxel-0.10.6/src/goxel.c:1042:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(id, "export_as_%s", type);
data/goxel-0.10.6/src/gui.cpp:164:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(buf, sizeof(buf), format, *v);
data/goxel-0.10.6/src/gui/tools_panel.c:63:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(label, "%s", tool->name);
data/goxel-0.10.6/src/gui/tools_panel.c:65:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(action_id, "tool_set_%s", values[i].tool_id);
data/goxel-0.10.6/src/gui/tools_panel.c:69:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(label, "%s (%s)", tool->name, action->shortcut);
data/goxel-0.10.6/src/luagoxel.h:38:12:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#   define system(x) -1
data/goxel-0.10.6/src/mesh_utils.c:576:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(buf, "mesh_export_as_%s", type);
data/goxel-0.10.6/src/palette.c:87:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(entries[nb].name, entry_name);
data/goxel-0.10.6/src/shader_cache.c:46:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(key, name);
data/goxel-0.10.6/src/shader_cache.c:50:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(key, define->name);
data/goxel-0.10.6/src/shader_cache.c:61:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(s->key, key);
data/goxel-0.10.6/src/shader_cache.c:63:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(path, "asset://data/shaders/%s.glsl", name);
data/goxel-0.10.6/src/shader_cache.c:69:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(pre + strlen(pre), "#define %s\n", define->name);
data/goxel-0.10.6/src/system.c:192:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(tmp, path);
data/goxel-0.10.6/src/theme.c:221:5:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    fprintf(file, #n "=%d\n", t->sizes.n);
data/goxel-0.10.6/src/utils/json.c:94:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(string, "data:%s;base64,", mime);
data/goxel-0.10.6/ext_src/lua/lmathlib.c:28:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define l_rand()	random()
data/goxel-0.10.6/ext_src/lua/lmathlib.c:29:20:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define l_srand(x)	srandom(x)
data/goxel-0.10.6/ext_src/lua/lmathlib.c:33:20:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define l_srand(x)	srand(x)
data/goxel-0.10.6/ext_src/lua/loadlib.c:294:22:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  const char *path = getenv(nver);  /* use versioned name */
data/goxel-0.10.6/ext_src/lua/loadlib.c:296:12:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    path = getenv(envname);  /* try unversioned name */
data/goxel-0.10.6/ext_src/lua/loslib.c:131:33:  [3] (tmpfile) tmpnam:
  Temporary file race condition (CWE-377).
#define lua_tmpnam(b,e)		{ e = (tmpnam(b) == NULL); }
data/goxel-0.10.6/ext_src/lua/loslib.c:178:21:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
  lua_pushstring(L, getenv(luaL_checkstring(L, 1)));  /* if NULL push nil */
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:4253:26:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        temp_path = std::getenv(*temp_name);
data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.cpp:844:42:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    value.type   = pbrt_sampler::type_t::random;
data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.h:135:5:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    random,
data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.h:142:47:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  type_t            type            = type_t::random;
data/goxel-0.10.6/src/main.c:122:13:  [3] (buffer) getopt_long:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
        c = getopt_long(argc, argv, "e:s:", long_options, &option_index);
data/goxel-0.10.6/src/system.c:49:16:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
        home = getenv("XDG_CONFIG_HOME");
data/goxel-0.10.6/src/system.c:53:20:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
            home = getenv("HOME");
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1265:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    return (char*)memcpy(buf, (const void*)str, len + 1);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1279:19:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    return (char*)memcpy(dst, (const void*)src, src_size);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1495:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    return fopen(filename, mode);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:2087:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&Buf[write_off - 1], str, (size_t)len);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:3693:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(g.IO.KeysDownDurationPrev, g.IO.KeysDownDuration, sizeof(g.IO.KeysDownDuration));
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:4036:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&Layers[0][n], &layer[0], layer.Size * sizeof(ImDrawList*));
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:4641:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[256];
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:7380:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char window_name[16];
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:7596:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[20];
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:7970:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:8330:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(g.IO.NavInputsDownDurationPrev, g.IO.NavInputsDownDuration, sizeof(g.IO.NavInputsDownDuration));
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:8571:141:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        if (1) { ImU32 col = (!g.NavWindow->Hidden) ? IM_COL32(255,0,255,255) : IM_COL32(255,0,0,255); ImVec2 p = NavCalcPreferredRefPos(); char buf[32]; ImFormatString(buf, 32, "%d", g.NavLayer); draw_list->AddCircleFilled(p, 3.0f, col); draw_list->AddText(NULL, 13.0f, p + ImVec2(8,-4), col, buf); }
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9086:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(payload.Data, data, data_size);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9093:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(payload.Data, data, data_size);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9473:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(settings->GetName(), name, name_len + 1);   // Store with zero terminator
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9527:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, ini_data, ini_size);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9810:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&g.PrivateClipboard[0], text, (size_t)(text_end - text));
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9951:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[300];
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:10061:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (!open)
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:10095:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:10242:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[32];
data/goxel-0.10.6/ext_src/imgui/imgui.h:1278:90:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    inline ImVector<T>& operator=(const ImVector<T>& src)   { clear(); resize(src.Size); memcpy(Data, src.Data, (size_t)Size * sizeof(T)); return *this; }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1301:182:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    inline void         resize(int new_size, const T& v)    { if (new_size > Capacity) reserve(_grow_capacity(new_size)); if (new_size > Size) for (int n = Size; n < new_size; n++) memcpy(&Data[n], &v, sizeof(v)); Size = new_size; }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1303:175:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    inline void         reserve(int new_capacity)           { if (new_capacity <= Capacity) return; T* new_data = (T*)IM_ALLOC((size_t)new_capacity * sizeof(T)); if (Data) { memcpy(new_data, Data, (size_t)Size * sizeof(T)); IM_FREE(Data); } Data = new_data; Capacity = new_capacity; }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1306:120:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    inline void         push_back(const T& v)               { if (Size == Capacity) reserve(_grow_capacity(Size + 1)); memcpy(&Data[Size], &v, sizeof(v)); Size++; }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1311:160:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    inline T*           erase_unsorted(const T* it)         { IM_ASSERT(it >= Data && it < Data+Size);  const ptrdiff_t off = it - Data; if (it < Data+Size-1) memcpy(Data + off, Data + Size - 1, sizeof(T)); Size--; return Data + off; }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1312:295:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    inline T*           insert(const T* it, const T& v)     { IM_ASSERT(it >= Data && it <= Data+Size); const ptrdiff_t off = it - Data; if (Size == Capacity) reserve(_grow_capacity(Size + 1)); if (off < (int)Size) memmove(Data + off + 1, Data + off, ((size_t)Size - (size_t)off) * sizeof(T)); memcpy(&Data[off], &v, sizeof(v)); Size++; return Data + off; }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1568:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            DataType[32+1];     // Data type tag (short user-supplied string, 32 characters max)
data/goxel-0.10.6/ext_src/imgui/imgui.h:1590:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    static inline void  SetNextTreeNodeOpen(bool open, ImGuiCond cond = 0) { SetNextItemOpen(open, cond); }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1590:94:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    static inline void  SetNextTreeNodeOpen(bool open, ImGuiCond cond = 0) { SetNextItemOpen(open, cond); }
data/goxel-0.10.6/ext_src/imgui/imgui.h:1647:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                    InputBuf[256];
data/goxel-0.10.6/ext_src/imgui/imgui.h:1657:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    IMGUI_API static char EmptyString[1];
data/goxel-0.10.6/ext_src/imgui/imgui.h:2064:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            Name[40];               // Name (strictly to ease debugging)
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1394:44:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if (int sz = ch._CmdBuffer.Size) { memcpy(cmd_write, ch._CmdBuffer.Data, sz * sizeof(ImDrawCmd)); cmd_write += sz; }
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1395:44:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        if (int sz = ch._IdxBuffer.Size) { memcpy(idx_write, ch._IdxBuffer.Data, sz * sizeof(ImDrawIdx)); idx_write += sz; }
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1409:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&_Channels.Data[_Current]._CmdBuffer, &draw_list->CmdBuffer, sizeof(draw_list->CmdBuffer));
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1410:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&_Channels.Data[_Current]._IdxBuffer, &draw_list->IdxBuffer, sizeof(draw_list->IdxBuffer));
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1539:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char FONT_ATLAS_DEFAULT_TEX_DATA_PIXELS[FONT_ATLAS_DEFAULT_TEX_DATA_W_HALF * FONT_ATLAS_DEFAULT_TEX_DATA_H + 1] =
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1715:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(new_font_cfg.FontData, font_cfg->FontData, (size_t)new_font_cfg.FontDataSize);
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1887:58:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void    ImFontAtlasBuildMultiplyCalcLookupTable(unsigned char out_table[256], float in_brighten_factor)
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1896:59:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void    ImFontAtlasBuildMultiplyRectAlpha8(const unsigned char table[256], unsigned char* pixels, int x, int y, int w, int h, int stride)
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:2136:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            unsigned char multiply_table[256];
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:2433:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(full_ranges, base_ranges, sizeof(base_ranges));
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:2491:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(full_ranges, base_ranges, sizeof(base_ranges));
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:3271:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(stb__dout, data, length);
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:3371:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char proggy_clean_ttf_compressed_data_base85[11980+1] =
data/goxel-0.10.6/ext_src/imgui/imgui_internal.h:1138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char           DragDropPayloadBufLocal[16];        // Local buffer for small payloads
data/goxel-0.10.6/ext_src/imgui/imgui_internal.h:1196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char                    TempBuffer[1024*3+1];               // Temporary text buffer
data/goxel-0.10.6/ext_src/imgui/imgui_internal.h:1875:78:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
IMGUI_API void              ImFontAtlasBuildMultiplyCalcLookupTable(unsigned char out_table[256], float in_multiply_factor);
data/goxel-0.10.6/ext_src/imgui/imgui_internal.h:1876:79:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
IMGUI_API void              ImFontAtlasBuildMultiplyRectAlpha8(const unsigned char table[256], unsigned char* pixels, int x, int y, int w, int h, int stride);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1156:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char overlay_buf[32];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1517:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[16];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1808:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data_backup, p_data, type_info->Size);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1910:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char v_str[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:2146:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value_buf[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:2602:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value_buf[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:2749:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char value_buf[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:2873:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fmt_buf[32];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:2874:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char data_buf[32];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:2912:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3032:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[16] = "%f";
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3040:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[16] = "%f";
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3048:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[16] = "%f";
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3056:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char format[16] = "%f";
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(text + pos, new_text, (size_t)new_text_len * sizeof(ImWchar));
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3350:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(Buf + pos, new_text, (size_t)new_text_len * sizeof(char));
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3538:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(state->InitialTextA.Data, buf, buf_len + 1);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4356:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4432:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(g.ColorEditLastColor, f, sizeof(float) * 3);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4454:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((float*)col, payload->Data, sizeof(float) * 3); // Preserve alpha if any //-V512
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4459:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy((float*)col, payload->Data, sizeof(float) * components);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4594:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(backup_initial_col, col, components * sizeof(float));
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4732:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(col, ref_col, components * sizeof(float));
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4748:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(g.ColorEditLastColor, col, sizeof(float) * 3);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:5085:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:5132:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&dummy_ref_col, ref_col, sizeof(float) * ((picker_flags & ImGuiColorEditFlags_NoAlpha) ? 3 : 4));
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:6030:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char fmt[64];
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:6916:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (open)
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:284:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char ttf_buffer[1<<20];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:285:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char temp_bitmap[512*512];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:292:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fread(ttf_buffer, 1, 1<<20, fopen("c:/windows/fonts/times.ttf", "rb"));
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:333:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ttf_buffer[1<<25];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:339:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:339:70:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:341:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fread(ttf_buffer, 1, 1<<25, fopen(argc > 3 ? argv[3] : "c:/windows/fonts/arialbd.ttf", "rb"));
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:373:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buffer[24<<20];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:374:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char screen[20][79];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:383:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fread(buffer, 1, 1000000, fopen("c:/windows/fonts/arialbd.ttf", "rb"));
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:437:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   typedef char stbtt__check_size32[sizeof(stbtt_int32)==4 ? 1 : -1];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:438:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   typedef char stbtt__check_size16[sizeof(stbtt_int16)==2 ? 1 : -1];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:488:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   #define STBTT_memcpy       memcpy
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:2839:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char scanline_data[512], *scanline;
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:3854:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:3916:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/goxel-0.10.6/ext_src/inih/ini.c:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[INI_MAX_LINE];
data/goxel-0.10.6/ext_src/inih/ini.c:94:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char section[MAX_SECTION] = "";
data/goxel-0.10.6/ext_src/inih/ini.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prev_name[MAX_NAME] = "";
data/goxel-0.10.6/ext_src/inih/ini.c:226:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(filename, "r");
data/goxel-0.10.6/ext_src/json/json-builder.c:82:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy (name_copy, entry->name, entry->name_length + 1);
data/goxel-0.10.6/ext_src/json/json-builder.c:222:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (name_copy, name, name_length * sizeof (json_char));
data/goxel-0.10.6/ext_src/json/json-builder.c:287:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (copy, buf, length * sizeof (json_char));
data/goxel-0.10.6/ext_src/json/json-builder.c:887:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy (buf, "null", 4);
data/goxel-0.10.6/ext_src/json/json-builder.c:891:20:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            buf += sprintf (buf, "%.12f", value->u.dbl);
data/goxel-0.10.6/ext_src/json/json-builder.c:909:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy (buf, "true", 4);
data/goxel-0.10.6/ext_src/json/json-builder.c:914:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy (buf, "false", 5);
data/goxel-0.10.6/ext_src/json/json-builder.c:922:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy (buf, "null", 4);
data/goxel-0.10.6/ext_src/json/json.c:251:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy (&state.settings, settings, sizeof (json_settings));
data/goxel-0.10.6/ext_src/json/json.c:284:16:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            {  sprintf (error, "Unexpected EOF in string (at %d:%d)", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:310:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:327:29:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                            sprintf (error, "Invalid character value `%c` (at %d:%d)", b, line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:456:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  {  sprintf (error, "%d:%d: Unexpected EOF in block comment", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:472:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
               {  sprintf (error, "%d:%d: Comment not allowed here", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:477:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
               {  sprintf (error, "%d:%d: EOF unexpected", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:492:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                     sprintf (error, "%d:%d: Unexpected `%c` in comment opening sequence", line_and_col, b);
data/goxel-0.10.6/ext_src/json/json.c:510:19:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  sprintf (error, "%d:%d: Trailing garbage: `%c`",
data/goxel-0.10.6/ext_src/json/json.c:529:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  {  sprintf (error, "%d:%d: Unexpected ]", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:545:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf (error, "%d:%d: Expected , before %c",
data/goxel-0.10.6/ext_src/json/json.c:560:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf (error, "%d:%d: Expected : before %c",
data/goxel-0.10.6/ext_src/json/json.c:686:28:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        {  sprintf (error, "%d:%d: Unexpected %c when seeking value", line_and_col, b);
data/goxel-0.10.6/ext_src/json/json.c:706:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                     {  sprintf (error, "%d:%d: Expected , before \"", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:731:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                     sprintf (error, "%d:%d: Unexpected `%c` in object", line_and_col, b);
data/goxel-0.10.6/ext_src/json/json.c:749:28:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        {  sprintf (error, "%d:%d: Unexpected `0` before `%c`", line_and_col, b);
data/goxel-0.10.6/ext_src/json/json.c:786:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  {  sprintf (error, "%d:%d: Expected digit before `.`", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:802:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                     {  sprintf (error, "%d:%d: Expected digit after `.`", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:828:22:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                  {  sprintf (error, "%d:%d: Expected digit after `e`", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:914:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (error, "%d:%d: Unknown value", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:919:4:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
   strcpy (error, "Memory allocation failure");
data/goxel-0.10.6/ext_src/json/json.c:924:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf (error, "%d:%d: Too long (caught overflow)", line_and_col);
data/goxel-0.10.6/ext_src/json/json.c:934:10:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
         strcpy (error_buf, "Unknown error");
data/goxel-0.10.6/ext_src/lua/lapi.c:1295:33:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  if (upisopen(*up1)) (*up1)->u.open.touched = 1;
data/goxel-0.10.6/ext_src/lua/lauxlib.c:519:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(newbuff, B->b, B->n * sizeof(char));  /* copy original content */
data/goxel-0.10.6/ext_src/lua/lauxlib.c:531:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(b, s, l * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lauxlib.c:638:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[BUFSIZ];  /* area for reading file */
data/goxel-0.10.6/ext_src/lua/lauxlib.c:715:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    lf.f = fopen(filename, "r");
data/goxel-0.10.6/ext_src/lua/lauxlib.h:153:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char initb[LUAL_BUFFERSIZE];  /* initial buffer */
data/goxel-0.10.6/ext_src/lua/ldblib.c:382:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[5];
data/goxel-0.10.6/ext_src/lua/ldblib.c:404:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[250];
data/goxel-0.10.6/ext_src/lua/ldebug.c:630:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[LUA_IDSIZE];
data/goxel-0.10.6/ext_src/lua/ldo.c:162:50:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  for (up = L->openupval; up != NULL; up = up->u.open.next)
data/goxel-0.10.6/ext_src/lua/lfunc.c:66:16:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    pp = &p->u.open.next;
data/goxel-0.10.6/ext_src/lua/lfunc.c:71:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  uv->u.open.next = *pp;  /* link it to list of open upvalues */
data/goxel-0.10.6/ext_src/lua/lfunc.c:72:9:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  uv->u.open.touched = 1;
data/goxel-0.10.6/ext_src/lua/lfunc.c:87:26:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    L->openupval = uv->u.open.next;  /* remove from 'open' list */
data/goxel-0.10.6/ext_src/lua/lfunc.h:42:7:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    } open;
data/goxel-0.10.6/ext_src/lua/lgc.c:323:59:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
      for (uv = thread->openupval; uv != NULL; uv = uv->u.open.next) {
data/goxel-0.10.6/ext_src/lua/lgc.c:324:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if (uv->u.open.touched) {
data/goxel-0.10.6/ext_src/lua/lgc.c:326:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
          uv->u.open.touched = 0;
data/goxel-0.10.6/ext_src/lua/lgc.c:521:15:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        uv->u.open.touched = 1;  /* can be marked in 'remarkupvals' */
data/goxel-0.10.6/ext_src/lua/liolib.c:250:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  p->f = fopen(fname, mode);
data/goxel-0.10.6/ext_src/lua/liolib.c:262:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  p->f = fopen(filename, mode);
data/goxel-0.10.6/ext_src/lua/liolib.c:288:10:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older System
  V systems) (CWE-377).
  p->f = tmpfile();
data/goxel-0.10.6/ext_src/lua/liolib.c:394:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[L_MAXLENNUM + 1];  /* +1 for ending '\0' */
data/goxel-0.10.6/ext_src/lua/liolib.c:444:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char decp[2];
data/goxel-0.10.6/ext_src/lua/llex.c:346:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[UTF8BUFFSZ];
data/goxel-0.10.6/ext_src/lua/loadlib.c:169:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[MAX_PATH + 1];
data/goxel-0.10.6/ext_src/lua/loadlib.c:187:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[128];
data/goxel-0.10.6/ext_src/lua/loadlib.c:417:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *f = fopen(filename, "r");  /* try to open file */
data/goxel-0.10.6/ext_src/lua/lobject.c:282:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[L_MAXLENNUM + 1];
data/goxel-0.10.6/ext_src/lua/lobject.c:372:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[MAXNUMBER2STR];
data/goxel-0.10.6/ext_src/lua/lobject.c:437:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[4*sizeof(void *) + 8]; /* should be enough space for a '%p' */
data/goxel-0.10.6/ext_src/lua/lobject.c:444:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[UTF8BUFFSZ];
data/goxel-0.10.6/ext_src/lua/lobject.c:485:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define addstr(a,b,l)	( memcpy(a,b,(l) * sizeof(char)), a += (l) )
data/goxel-0.10.6/ext_src/lua/lobject.c:491:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(out, source + 1, l * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lobject.c:499:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(out, source + 1, l * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lobject.c:503:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(out, source + 1 + l - bufflen, bufflen * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lobject.c:519:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, POS, (LL(POS) + 1) * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lopcodes.c:20:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LUAI_DDEF const char *const luaP_opnames[NUM_OPCODES+1] = {
data/goxel-0.10.6/ext_src/lua/lopcodes.h:290:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LUAI_DDEC const char *const luaP_opnames[NUM_OPCODES+1];  /* opcode names */
data/goxel-0.10.6/ext_src/lua/loslib.c:123:13:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. Some
  older Unix-like systems create temp files with permission to write by all
  by default, so be sure to set the umask to override this. Also, some older
  Unix systems might fail to use O_EXCL when opening the file, so make sure
  that O_EXCL is used by the library (CWE-377).
        e = mkstemp(b); \
data/goxel-0.10.6/ext_src/lua/loslib.c:167:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[LUA_TMPNAMBUFSIZE];
data/goxel-0.10.6/ext_src/lua/loslib.c:268:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buff, conv, oplen);  /* copy valid option to buffer */
data/goxel-0.10.6/ext_src/lua/loslib.c:303:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char cc[4];  /* buffer for individual conversion specifiers */
data/goxel-0.10.6/ext_src/lua/lstate.c:79:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(b + p, &t, sizeof(t)); p += sizeof(t); }
data/goxel-0.10.6/ext_src/lua/lstate.c:82:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[4 * sizeof(size_t)];
data/goxel-0.10.6/ext_src/lua/lstate.c:276:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(lua_getextraspace(L1), lua_getextraspace(g->mainthread),
data/goxel-0.10.6/ext_src/lua/lstring.c:187:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(getstr(ts), str, l * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lstring.c:207:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(getstr(ts), str, l * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lstrlib.c:135:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(p, s, l * sizeof(char)); p += l;
data/goxel-0.10.6/ext_src/lua/lstrlib.c:137:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(p, sep, lsep * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lstrlib.c:141:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, s, l * sizeof(char));  /* last copy (not followed by separator) */
data/goxel-0.10.6/ext_src/lua/lstrlib.c:916:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buff[10];
data/goxel-0.10.6/ext_src/lua/lstrlib.c:996:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(form, strfrmt, ((p - strfrmt) + 1) * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1030:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char form[MAX_FORMAT];  /* to store the format ('%...') */
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1146:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[5 * sizeof(lua_Number)];  /* enough for any float type */
data/goxel-0.10.6/ext_src/lua/ltablib.c:263:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff, &c, sof(c) * sizeof(unsigned int));
data/goxel-0.10.6/ext_src/lua/ltablib.c:264:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buff + sof(c), &t, sof(t) * sizeof(unsigned int));
data/goxel-0.10.6/ext_src/lua/ltm.c:29:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LUAI_DDEF const char *const luaT_typenames_[LUA_TOTALTAGS] = {
data/goxel-0.10.6/ext_src/lua/ltm.h:55:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
LUAI_DDEC const char *const luaT_typenames_[LUA_TOTALTAGS];
data/goxel-0.10.6/ext_src/lua/lua.h:454:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char short_src[LUA_IDSIZE]; /* (S) */
data/goxel-0.10.6/ext_src/lua/lundump.c:95:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buff[LUAI_MAXSHORTLEN];
data/goxel-0.10.6/ext_src/lua/lundump.c:220:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buff[sizeof(LUA_SIGNATURE) + sizeof(LUAC_DATA)]; /* larger than both */
data/goxel-0.10.6/ext_src/lua/lvm.c:464:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buff + tl, svalue(top - n), l * sizeof(char));
data/goxel-0.10.6/ext_src/lua/lvm.c:498:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buff[LUAI_MAXSHORTLEN];
data/goxel-0.10.6/ext_src/lua/lzio.c:60:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(b, z->p, m);
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128], *patterns;
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char szFile[260];       // buffer for file name
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128], *patterns;
data/goxel-0.10.6/ext_src/stb/stb_image.h:580:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char validate_uint32[sizeof(stbi__uint32)==4 ? 1 : -1];
data/goxel-0.10.6/ext_src/stb/stb_image.h:1095:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(temp, row0, bytes_copy);
data/goxel-0.10.6/ext_src/stb/stb_image.h:1096:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(row0, row1, bytes_copy);
data/goxel-0.10.6/ext_src/stb/stb_image.h:1097:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(row1, temp, bytes_copy);
data/goxel-0.10.6/ext_src/stb/stb_image.h:1181:49:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBI_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/goxel-0.10.6/ext_src/stb/stb_image.h:1196:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wMode[64];
data/goxel-0.10.6/ext_src/stb/stb_image.h:1197:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wFilename[1024];
data/goxel-0.10.6/ext_src/stb/stb_image.h:1215:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   f = fopen(filename, mode);
data/goxel-0.10.6/ext_src/stb/stb_image.h:1515:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(buffer, s->img_buffer, blen);
data/goxel-0.10.6/ext_src/stb/stb_image.h:1525:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buffer, s->img_buffer, n);
data/goxel-0.10.6/ext_src/stb/stb_image.h:2971:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         static const unsigned char tag[5] = {'J','F','I','F','\0'};
data/goxel-0.10.6/ext_src/stb/stb_image.h:2981:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         static const unsigned char tag[6] = {'A','d','o','b','e','\0'};
data/goxel-0.10.6/ext_src/stb/stb_image.h:3086:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      static const unsigned char rgb[3] = { 'R', 'G', 'B' };
data/goxel-0.10.6/ext_src/stb/stb_image.h:4158:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(a->zout, a->zbuffer, len);
data/goxel-0.10.6/ext_src/stb/stb_image.h:4482:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            case STBI__F_none:         memcpy(cur, raw, nk); break;
data/goxel-0.10.6/ext_src/stb/stb_image.h:4638:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(final + out_y*a->s->img_x*out_bytes + out_x*out_bytes,
data/goxel-0.10.6/ext_src/stb/stb_image.h:5545:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char raw_data[4] = {0};
data/goxel-0.10.6/ext_src/stb/stb_image.h:6447:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy( &g->out[pi * 4], &two_back[pi * 4], 4 ); 
data/goxel-0.10.6/ext_src/stb/stb_image.h:6454:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy( &g->out[pi * 4], &g->background[pi * 4], 4 ); 
data/goxel-0.10.6/ext_src/stb/stb_image.h:6465:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( g->background, g->out, 4 * g->w * g->h ); 
data/goxel-0.10.6/ext_src/stb/stb_image.h:6529:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                     memcpy( &g->out[pi * 4], &g->pal[g->bgindex], 4 ); 
data/goxel-0.10.6/ext_src/stb/stb_image.h:6616:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( out + ((layers - 1) * stride), u, stride ); 
data/goxel-0.10.6/ext_src/stb/stb_image.h:6755:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[STBI__HDR_BUFLEN];
data/goxel-0.10.6/ext_src/stb/stb_image.h:6883:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[STBI__HDR_BUFLEN];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:292:50:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBIW_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:305:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wMode[64];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:306:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wFilename[1024];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:324:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   f = fopen(filename, mode);
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:355:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char b[2];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:361:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char b[4];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:390:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char arr[3];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:397:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char bg[3] = { 255, 0, 255}, px[3];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:636:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char scanlineheader[4] = { 2, 2, 0, 0 };
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:637:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char rgbe[4];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:731:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[128];
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:738:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      len = sprintf(buffer, "EXPOSURE=          1.0000000000000\n\n-Y %d +X %d\n", y, x);
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:1049:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(line_buffer, z, width*n);
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:1078:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char sig[8] = { 137,80,78,71,13,10,26,10 };
data/goxel-0.10.6/ext_src/stb/stb_image_write.h:1413:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char YTable[64], UVTable[64];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:278:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char ttf_buffer[1<<20];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:279:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char temp_bitmap[512*512];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:286:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fread(ttf_buffer, 1, 1<<20, fopen("c:/windows/fonts/times.ttf", "rb"));
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:327:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char ttf_buffer[1<<25];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:333:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:333:70:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   int w,h,i,j,c = (argc > 1 ? atoi(argv[1]) : 'a'), s = (argc > 2 ? atoi(argv[2]) : 20);
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:335:32:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fread(ttf_buffer, 1, 1<<25, fopen(argc > 3 ? argv[3] : "c:/windows/fonts/arialbd.ttf", "rb"));
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:367:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
char buffer[24<<20];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:368:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char screen[20][79];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:377:30:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   fread(buffer, 1, 1000000, fopen("c:/windows/fonts/arialbd.ttf", "rb"));
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:431:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   typedef char stbtt__check_size32[sizeof(stbtt_int32)==4 ? 1 : -1];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:432:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   typedef char stbtt__check_size16[sizeof(stbtt_int16)==2 ? 1 : -1];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:482:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   #define STBTT_memcpy       memcpy
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:2821:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char scanline_data[512], *scanline;
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:3822:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:3884:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char buffer[STBTT_MAX_OVERSAMPLE];
data/goxel-0.10.6/ext_src/uthash/utarray.h:112:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  else { memcpy(_utarray_eltptr(a,(a)->i++), p, (a)->icd.sz); };              \
data/goxel-0.10.6/ext_src/uthash/utarray.h:140:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  else { memcpy(_utarray_eltptr(a,j), p, (a)->icd.sz); };                     \
data/goxel-0.10.6/ext_src/uthash/utarray.h:159:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(_utarray_eltptr(a,j), _utarray_eltptr(w,0),                        \
data/goxel-0.10.6/ext_src/xxhash/xxhash.c:112:76:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
static void* XXH_memcpy(void* dest, const void* src, size_t size) { return memcpy(dest,src,size); }
data/goxel-0.10.6/ext_src/xxhash/xxhash.c:518:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/goxel-0.10.6/ext_src/xxhash/xxhash.c:530:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/goxel-0.10.6/ext_src/xxhash/xxhash.c:630:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/goxel-0.10.6/ext_src/xxhash/xxhash.c:992:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dstState, srcState, sizeof(*dstState));
data/goxel-0.10.6/ext_src/xxhash/xxhash.c:1004:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(statePtr, &state, sizeof(state) - sizeof(state.reserved));
data/goxel-0.10.6/ext_src/xxhash/xxhash.c:1100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, &hash, sizeof(*dst));
data/goxel-0.10.6/ext_src/xxhash/xxhash.h:221:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[4]; } XXH32_canonical_t;
data/goxel-0.10.6/ext_src/xxhash/xxhash.h:263:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[8]; } XXH64_canonical_t;
data/goxel-0.10.6/ext_src/xxhash/xxhash.h:426:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   XXH_ALIGN(64) char customSecret[XXH3_SECRET_DEFAULT_SIZE];  /* used to store a custom secret generated from the seed. Makes state larger. Design might change */
data/goxel-0.10.6/ext_src/xxhash/xxhash.h:427:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   XXH_ALIGN(64) char buffer[XXH3_INTERNALBUFFER_SIZE];
data/goxel-0.10.6/ext_src/xxhash/xxhash.h:520:27:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef struct { unsigned char digest[16]; } XXH128_canonical_t;
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:658:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&tmp, data, 4);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:686:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&tmp, ptr + 4, 4);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:694:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&tmp, ptr + 8, 4);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:709:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&json_length, json_chunk, 4);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:716:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
	memcpy(&tmp, json_chunk + 4, 4);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:734:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&bin_length, bin_chunk, 4);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:741:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(&tmp, bin_chunk + 4, 4);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:776:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE* file = fopen(path, "rb");
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:856:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	FILE* file = fopen(path, "rb");
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1322:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
		memcpy(lm, node->matrix, sizeof(float) * 16);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1553:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[128];
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1557:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
	return atoi(tmp);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1563:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char tmp[128];
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1716:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
		*out_index = atoi(us + 1);
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:934:35:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    basic_filebuf<charT, traits>* open(const path& p, std::ios_base::openmode mode)
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:937:51:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        return std::basic_filebuf<charT, traits>::open(p.wstring().c_str(), mode) ? this : 0;
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:939:51:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        return std::basic_filebuf<charT, traits>::open(p.string().c_str(), mode) ? this : 0;
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:954:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in) { std::basic_ifstream<charT, traits>::open(p.wstring().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:954:118:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in) { std::basic_ifstream<charT, traits>::open(p.wstring().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:960:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in) { std::basic_ifstream<charT, traits>::open(p.string().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:960:118:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in) { std::basic_ifstream<charT, traits>::open(p.string().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:977:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::out) { std::basic_ofstream<charT, traits>::open(p.wstring().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:977:119:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::out) { std::basic_ofstream<charT, traits>::open(p.wstring().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:983:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::out) { std::basic_ofstream<charT, traits>::open(p.string().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:983:119:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::out) { std::basic_ofstream<charT, traits>::open(p.string().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1000:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in | std::ios_base::out) { std::basic_fstream<charT, traits>::open(p.wstring().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1000:138:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in | std::ios_base::out) { std::basic_fstream<charT, traits>::open(p.wstring().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1006:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in | std::ios_base::out) { std::basic_fstream<charT, traits>::open(p.string().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1006:138:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    void open(const path& p, std::ios_base::openmode mode = std::ios_base::in | std::ios_base::out) { std::basic_fstream<charT, traits>::open(p.string().c_str(), mode); }
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[512];
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:3255:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((in = ::open(from.c_str(), O_RDONLY)) < 0) {
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:3264:18:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((out = ::open(to.c_str(), mode, static_cast<int>(sf.permissions() & perms::all))) < 0) {
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:4242:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t buffer[512];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:580:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char validate_uint32[sizeof(stbi__uint32)==4 ? 1 : -1];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1095:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(temp, row0, bytes_copy);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1096:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(row0, row1, bytes_copy);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1097:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(row1, temp, bytes_copy);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1181:49:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBI_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1196:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wMode[64];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1197:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wFilename[1024];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1215:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   f = fopen(filename, mode);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1515:10:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
         memcpy(buffer, s->img_buffer, blen);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1525:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(buffer, s->img_buffer, n);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:2971:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         static const unsigned char tag[5] = {'J','F','I','F','\0'};
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:2981:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
         static const unsigned char tag[6] = {'A','d','o','b','e','\0'};
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:3086:29:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      static const unsigned char rgb[3] = { 'R', 'G', 'B' };
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:4158:4:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
   memcpy(a->zout, a->zbuffer, len);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:4482:40:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            case STBI__F_none:         memcpy(cur, raw, nk); break;
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:4638:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy(final + out_y*a->s->img_x*out_bytes + out_x*out_bytes,
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:5545:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char raw_data[4] = {0};
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:6447:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy( &g->out[pi * 4], &two_back[pi * 4], 4 ); 
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:6454:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
               memcpy( &g->out[pi * 4], &g->background[pi * 4], 4 ); 
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:6465:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy( g->background, g->out, 4 * g->w * g->h ); 
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:6529:22:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                     memcpy( &g->out[pi * 4], &g->pal[g->bgindex], 4 ); 
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:6616:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy( out + ((layers - 1) * stride), u, stride ); 
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:6755:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[STBI__HDR_BUFLEN];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:6883:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char buffer[STBI__HDR_BUFLEN];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:417:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char stbir__validate_uint32[sizeof(stbir_uint32) == 4 ? 1 : -1];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:1768:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    ((unsigned char *)output_buffer)[pixel_index + alpha_channel] = STBIR__ENCODE_LINEAR8(encode_buffer[pixel_index+alpha_channel]);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2300:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char overwrite_output_before_pre[OVERWRITE_ARRAY_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2301:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char overwrite_tempmem_before_pre[OVERWRITE_ARRAY_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2302:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char overwrite_output_after_pre[OVERWRITE_ARRAY_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2303:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char overwrite_tempmem_after_pre[OVERWRITE_ARRAY_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2306:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(overwrite_output_before_pre, &((unsigned char*)output_data)[-OVERWRITE_ARRAY_SIZE], OVERWRITE_ARRAY_SIZE);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2307:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(overwrite_output_after_pre, &((unsigned char*)output_data)[begin_forbidden], OVERWRITE_ARRAY_SIZE);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2308:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(overwrite_tempmem_before_pre, &((unsigned char*)tempmem)[-OVERWRITE_ARRAY_SIZE], OVERWRITE_ARRAY_SIZE);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_resize.h:2309:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(overwrite_tempmem_after_pre, &((unsigned char*)tempmem)[tempmem_size_in_bytes], OVERWRITE_ARRAY_SIZE);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:297:50:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBIW_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:310:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wMode[64];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:311:4:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   wchar_t wFilename[1024];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:329:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   f = fopen(filename, mode);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:360:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char b[2];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:366:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                     unsigned char b[4];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:395:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char arr[3];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:402:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char bg[3] = { 255, 0, 255}, px[3];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:641:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char scanlineheader[4] = { 2, 2, 0, 0 };
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:642:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char rgbe[4];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:736:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char buffer[128];
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:743:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
      len = sprintf(buffer, "EXPOSURE=          1.0000000000000\n\n-Y %d +X %d\n", y, x);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:1054:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(line_buffer, z, width*n);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:1083:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char sig[8] = { 137,80,78,71,13,10,26,10 };
data/goxel-0.10.6/ext_src/yocto/ext/stb_image_write.h:1418:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   unsigned char YTable[64], UVTable[64];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:155:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];  // name and type are up to 255 chars long.
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:156:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char type[256];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:163:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[256];  // less than 255 bytes long
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:168:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad[3];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:1209:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:1210:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:1815:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:1816:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:1817:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:2184:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:2213:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:2310:31:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
#define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:3309:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:3310:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0],
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:3658:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:3795:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:3797:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:4147:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:4313:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:4485:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out_buf.m_pBuf, pnghdr, 41);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:4555:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:4571:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:4603:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:4754:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)pArray->m_p + orig_size * pArray->m_element_size,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5080:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5219:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5225:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(pStat->m_comment,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5246:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5894:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5942:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[4096];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:6148:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[4096];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:6642:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7114:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&data_len, marker, sizeof(uint32_t));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7125:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&data->at(0), marker, static_cast<size_t>(data_len));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7150:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad[3];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&info.pixel_type, p, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7222:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&info.x_sampling, p, sizeof(int));          // int
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7224:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&info.y_sampling, p, sizeof(int));  // int
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7249:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, channels[c].name.c_str(), strlen(channels[c].name.c_str()));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7261:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, &pixel_type, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7267:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, &x_sampling, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7270:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(p, &y_sampling, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7354:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, src_size);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7363:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, src_size);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7495:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(out, in, count);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7582:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, src_size);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7591:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, src_size);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8264:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(frq, scode, sizeof(long long) * HUF_ENCSIZE);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8735:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void writeUInt(char buf[4], unsigned int i) {
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8744:36:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static unsigned int readUInt(const char buf[4]) {
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8851:37:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           unsigned char bitmap[BITMAP_SIZE],
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8873:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const unsigned char bitmap[BITMAP_SIZE], unsigned short lut[USHORT_RANGE]) {
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8887:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const unsigned char bitmap[BITMAP_SIZE], unsigned short lut[USHORT_RANGE]) {
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8914:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bitmap[BITMAP_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8959:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(cd.end, ptr, n * sizeof(unsigned short));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8978:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &minNonZero, sizeof(unsigned short));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8980:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &maxNonZero, sizeof(unsigned short));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:8984:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(buf, reinterpret_cast<char *>(&bitmap[0] + minNonZero),
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9010:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(buf, &zero, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9015:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(lengthPtr, &length, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9025:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(outPtr, inPtr, inSize);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9036:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(outPtr, inPtr, inLen);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9040:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char bitmap[BITMAP_SIZE];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9062:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(reinterpret_cast<char *>(&bitmap[0] + minNonZero), ptr,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9133:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(outPtr, cd.end, static_cast<size_t>(n * sizeof(unsigned short)));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9216:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(dst, src, src_size);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:9247:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(&buf.at(0), src, src_size);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10077:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&x_size, &data.at(0), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10078:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&y_size, &data.at(4), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10148:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->data_window[0], &data.at(0), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10149:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->data_window[1], &data.at(4), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10150:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->data_window[2], &data.at(8), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10151:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->data_window[3], &data.at(12), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10159:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->display_window[0], &data.at(0), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10160:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->display_window[1], &data.at(4), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10161:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->display_window[2], &data.at(8), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10162:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->display_window[3], &data.at(12), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10177:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->pixel_aspect_ratio, &data.at(0), sizeof(float));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10182:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->screen_window_center[0], &data.at(0), sizeof(float));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10183:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->screen_window_center[1], &data.at(4), sizeof(float));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10190:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->screen_window_width, &data.at(0), sizeof(float));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10196:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&info->chunk_count, &data.at(0), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10208:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(reinterpret_cast<char *>(attrib.value), &data.at(0),
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10325:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(exr_header->custom_attributes[i].name, info.attributes[i].name, 256);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10326:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(exr_header->custom_attributes[i].type, info.attributes[i].type, 256);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10380:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(tile_coordinates, data_ptr, sizeof(int) * 4);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10391:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&data_len, data_ptr + 16,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10437:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&line_no, data_ptr, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10439:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&data_len, data_ptr + 4, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10500:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&y, marker, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10501:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&data_len, marker + 4, sizeof(unsigned int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10577:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&offset, marker, sizeof(tinyexr::tinyexr_uint64));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10882:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11286:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(0), &start_y, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11287:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(4), &data_len, sizeof(unsigned int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11316:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(0), &start_y, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11317:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(4), &data_len, sizeof(unsigned int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11341:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(0), &start_y, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11342:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(4), &data_len, sizeof(unsigned int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11369:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(0), &start_y, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11370:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(4), &data_len, sizeof(unsigned int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11396:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(0), &start_y, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11397:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&header.at(4), &data_len, sizeof(unsigned int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11434:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy((*memory_out), &memory.at(0), memory.size());
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11471:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(filename, "wb");
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11501:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11625:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dx, &data.at(0), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11626:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dy, &data.at(4), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11627:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dw, &data.at(8), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11628:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&dh, &data.at(12), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11639:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&x, &data.at(0), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11640:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&y, &data.at(4), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11641:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&w, &data.at(8), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11642:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&h, &data.at(12), sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11672:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&offset, marker, sizeof(tinyexr::tinyexr_int64));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11728:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&line_no, data_ptr, sizeof(int));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11729:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&packedOffsetTableSize, data_ptr + 4,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11731:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&packedSampleDataSize, data_ptr + 12,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11733:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&unpackedSampleDataSize, data_ptr + 20,
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:11952:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12080:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12180:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12196:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char buf[tinyexr::kEXRVersionSize];
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12257:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&offset, marker, 8);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12284:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(&part_no, part_number_addr, sizeof(unsigned int));  // 4
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12318:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  FILE *fp = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:451:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(embree_positions, epositions.data(), epositions.size() * 16);
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:452:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(embree_lines, elines.data(), elines.size() * 4);
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:471:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_positions, shape.positions.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:473:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_triangles, shape.triangles.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:492:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_positions, shape.positions.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:494:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_quads, shape.quads.data(), shape.quads.size() * 16);
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:513:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_positions, shape.positions.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:515:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_quads, shape.quadspos.data(), shape.quadspos.size() * 16);
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:611:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_positions, epositions.data(), epositions.size() * 16);
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:612:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_lines, elines.data(), elines.size() * 4);
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:623:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_positions, transformed_positions.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:625:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_triangles, shape.triangles.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:636:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_positions, transformed_positions.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:638:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_quads, shape.quads.data(), shape.quads.size() * 16);
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:648:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_positions, transformed_positions.data(),
data/goxel-0.10.6/ext_src/yocto/yocto_bvh.cpp:650:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy(embree_quads, shape.quadspos.data(), shape.quadspos.size() * 16);
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:1673:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:1679:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:1695:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *w   = atoi(toks[0].c_str());
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:1696:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *h   = atoi(toks[1].c_str());
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:1785:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename, "wb");
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:1992:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename, "rb");
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:1998:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:2009:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *w   = atoi(toks[0].c_str());
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:2010:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *h   = atoi(toks[1].c_str());
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:2011:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *d   = atoi(toks[2].c_str());
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:2012:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  *nc  = atoi(toks[3].c_str());
data/goxel-0.10.6/ext_src/yocto/yocto_image.cpp:2113:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename, "wb");
data/goxel-0.10.6/ext_src/yocto/yocto_math.h:1825:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buffer[256];
data/goxel-0.10.6/ext_src/yocto/yocto_math.h:1826:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buffer, "%02d:%02d:%02d.%03d", hours, mins, secs, msecs);
data/goxel-0.10.6/ext_src/yocto/yocto_obj.cpp:51:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto f = fopen(filename.c_str(), "r");
data/goxel-0.10.6/ext_src/yocto/yocto_obj.cpp:72:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), !binary ? "rt" : "rb");
data/goxel-0.10.6/ext_src/yocto/yocto_obj.cpp:224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/goxel-0.10.6/ext_src/yocto/yocto_obj.cpp:339:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/goxel-0.10.6/ext_src/yocto/yocto_obj.cpp:409:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.cpp:592:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), "rt");
data/goxel-0.10.6/ext_src/yocto/yocto_random.h:365:20:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   static unsigned char indices[64] =
data/goxel-0.10.6/ext_src/yocto/yocto_random.h:386:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static unsigned char _stb__perlin_randtab[512] =
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:120:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), "rt");
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:135:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), "wt");
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:147:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), "rb");
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:162:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), "wb");
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:193:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), !binary ? "rt" : "rb");
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:199:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), !binary ? "wt" : "wb");
data/goxel-0.10.6/ext_src/yocto/yocto_sceneio.cpp:708:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buffer[4096];
data/goxel-0.10.6/ext_src/yocto/yocto_shape.cpp:3480:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), !binary ? "rt" : "rb");
data/goxel-0.10.6/ext_src/yocto/yocto_shape.cpp:3486:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  auto fs = fopen(filename.c_str(), !binary ? "wt" : "wb");
data/goxel-0.10.6/ext_src/yocto/yocto_shape.cpp:3669:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         magic[4]             = {0};
data/goxel-0.10.6/ext_src/yocto/yocto_shape.cpp:3677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char         info[88]             = {0};
data/goxel-0.10.6/src/action.h:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            shortcut[8];    // Can be changed at runtime.
data/goxel-0.10.6/src/camera.h:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char   name[128];  // 127 chars max.
data/goxel-0.10.6/src/formats/dicom.c:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  vr[2];
data/goxel-0.10.6/src/formats/dicom.c:64:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char     ui[256];
data/goxel-0.10.6/src/formats/dicom.c:118:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[4];
data/goxel-0.10.6/src/formats/dicom.c:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char vr[3] = "  ";
data/goxel-0.10.6/src/formats/dicom.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp_buff[128];
data/goxel-0.10.6/src/formats/dicom.c:164:45:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_INSTANCE_NUMBER.v) sprintf(vr, "IS");
data/goxel-0.10.6/src/formats/dicom.c:165:44:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_SLICE_LOCATION.v) sprintf(vr, "DS");
data/goxel-0.10.6/src/formats/dicom.c:166:47:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_SAMPLES_PER_PIXEL.v) sprintf(vr, "US");
data/goxel-0.10.6/src/formats/dicom.c:167:34:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_ROWS.v) sprintf(vr, "US");
data/goxel-0.10.6/src/formats/dicom.c:168:37:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_COLUMNS.v) sprintf(vr, "US");
data/goxel-0.10.6/src/formats/dicom.c:169:44:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_BITS_ALLOCATED.v) sprintf(vr, "US");
data/goxel-0.10.6/src/formats/dicom.c:170:41:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_BITS_STORED.v) sprintf(vr, "US");
data/goxel-0.10.6/src/formats/dicom.c:171:38:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_HIGH_BIT.v) sprintf(vr, "US");
data/goxel-0.10.6/src/formats/dicom.c:172:40:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        if (tag.v == TAG_PIXEL_DATA.v) sprintf(vr, "OB");
data/goxel-0.10.6/src/formats/dicom.c:214:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out->vr, vr, 2);
data/goxel-0.10.6/src/formats/dicom.c:255:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *in = fopen(path, "rb");
data/goxel-0.10.6/src/formats/gltf.c:105:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           const char *name,
data/goxel-0.10.6/src/formats/gltf.c:106:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                           int component_type, const char *type,
data/goxel-0.10.6/src/formats/gltf.c:324:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(data[i], g->palette.entries[i].color, 3);
data/goxel-0.10.6/src/formats/gltf.c:388:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "w");
data/goxel-0.10.6/src/formats/gox.c:99:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char     type[4];
data/goxel-0.10.6/src/formats/gox.c:190:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c->type, type, 4);
data/goxel-0.10.6/src/formats/gox.c:198:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c->buffer + c->length, data, size);
data/goxel-0.10.6/src/formats/gox.c:271:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(path, "wb");
data/goxel-0.10.6/src/formats/gox.c:441:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[4];
data/goxel-0.10.6/src/formats/gox.c:443:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(path, "rb");
data/goxel-0.10.6/src/formats/gox.c:490:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&(dst), dict_value, dict_value_size); \
data/goxel-0.10.6/src/formats/gox.c:502:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[4] = {};
data/goxel-0.10.6/src/formats/gox.c:510:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dict_key[256];
data/goxel-0.10.6/src/formats/gox.c:511:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dict_value[256];
data/goxel-0.10.6/src/formats/gox.c:517:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    in = fopen(path, "rb");
data/goxel-0.10.6/src/formats/gox.c:558:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(data->v, voxel_data, 64 * 64 * 4);
data/goxel-0.10.6/src/formats/gox.c:716:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
ACTION_REGISTER(open,
data/goxel-0.10.6/src/formats/povray.c:90:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb");
data/goxel-0.10.6/src/formats/qubicle.c:65:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "rb");
data/goxel-0.10.6/src/formats/qubicle.c:151:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb");
data/goxel-0.10.6/src/formats/txt.c:33:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(path, "w");
data/goxel-0.10.6/src/formats/vox.c:50:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "rb");
data/goxel-0.10.6/src/formats/vox.c:71:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(cube[i], palette[voxels[i]], 4);
data/goxel-0.10.6/src/formats/vox.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[4], r;
data/goxel-0.10.6/src/formats/vox.c:138:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[4];
data/goxel-0.10.6/src/formats/vox.c:150:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "rb");
data/goxel-0.10.6/src/formats/vox.c:175:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(color, ctx.palette[c], 4);
data/goxel-0.10.6/src/formats/vox.c:253:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb");
data/goxel-0.10.6/src/formats/voxlap.c:68:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(o, &v, 4);
data/goxel-0.10.6/src/formats/voxlap.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char magic[4];
data/goxel-0.10.6/src/formats/voxlap.c:95:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "rb");
data/goxel-0.10.6/src/formats/voxlap.c:142:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(cube[AT(x, y, z, w, h, d)], color, 4);
data/goxel-0.10.6/src/formats/voxlap.c:177:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "rb");
data/goxel-0.10.6/src/formats/voxlap.c:224:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(cube[AT(x, y, z + i, w, h, d)], palette[color], 4);
data/goxel-0.10.6/src/formats/voxlap.c:236:25:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                        memcpy(cube[AT(x, y, i, w, h, d)], palette[color], 4);
data/goxel-0.10.6/src/formats/voxlap.c:348:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb");
data/goxel-0.10.6/src/formats/voxlap.c:368:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(palette[i], goxel.palette->entries[i].color, 4);
data/goxel-0.10.6/src/formats/vxl.c:41:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(o, &v, 4);
data/goxel-0.10.6/src/formats/vxl.c:148:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(c, &color, 4);
data/goxel-0.10.6/src/formats/vxl.c:156:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
void write_map(const char *filename,
data/goxel-0.10.6/src/formats/vxl.c:161:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    FILE *f = fopen(filename, "wb");
data/goxel-0.10.6/src/formats/vxl.c:263:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&((*color)[x][y][z]), c, 4);
data/goxel-0.10.6/src/formats/wavefront.c:106:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(c, verts[i * size + j].color, 3);
data/goxel-0.10.6/src/formats/wavefront.c:123:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(path, "w");
data/goxel-0.10.6/src/goxel.c:431:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/goxel-0.10.6/src/goxel.c:1031:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[128];
data/goxel-0.10.6/src/goxel.c:1084:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(layer->name, "img");
data/goxel-0.10.6/src/gui.cpp:120:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/goxel-0.10.6/src/gui.cpp:463:30:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static bool color_edit(const char *name, uint8_t color[4],
data/goxel-0.10.6/src/gui.cpp:1174:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_color(const char *label, uint8_t color[4])
data/goxel-0.10.6/src/gui.cpp:1183:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(backup_color, color, 4);
data/goxel-0.10.6/src/gui.cpp:1198:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_color_small(const char *label, uint8_t color[4])
data/goxel-0.10.6/src/gui.cpp:1201:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(orig, color, 4);
data/goxel-0.10.6/src/gui.cpp:1218:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_color_small_f3(const char *label, float color[3])
data/goxel-0.10.6/src/gui.cpp:1416:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_quat(const char *label, float q[4])
data/goxel-0.10.6/src/gui.cpp:1634:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(target, color, 4);
data/goxel-0.10.6/src/gui.h:80:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_quat(const char *label, float q[4]);
data/goxel-0.10.6/src/gui.h:88:22:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_color(const char *label, uint8_t color[4]);
data/goxel-0.10.6/src/gui.h:89:28:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_color_small(const char *label, uint8_t color[4]);
data/goxel-0.10.6/src/gui.h:90:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool gui_color_small_f3(const char *label, float color[3]);
data/goxel-0.10.6/src/gui/export_panel.c:48:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *names[ARRAY_SIZE(FORMATS)];
data/goxel-0.10.6/src/gui/palette_panel.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char id[128];
data/goxel-0.10.6/src/gui/settings.c:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[1024];
data/goxel-0.10.6/src/gui/settings.c:152:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "w");
data/goxel-0.10.6/src/gui/tools_panel.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char action_id[64];
data/goxel-0.10.6/src/gui/tools_panel.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char label[64];
data/goxel-0.10.6/src/image.c:724:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(c, data + (j * w + i) * bpp, bpp);
data/goxel-0.10.6/src/layer.h:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        name[256];  // 256 chars max.
data/goxel-0.10.6/src/main.c:53:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *script_args[32];
data/goxel-0.10.6/src/main.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/goxel-0.10.6/src/marchingcube.c:121:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(poly, tri, 3 * sizeof(mc_vert_t));
data/goxel-0.10.6/src/marchingcube.c:214:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poly[0].color, poly[nb - 1].color, 4);
data/goxel-0.10.6/src/marchingcube.c:216:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(poly[1].color, poly[2].color, 4);
data/goxel-0.10.6/src/marchingcube.c:226:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out[i * 2 + 0][2].pos, center, sizeof(c));
data/goxel-0.10.6/src/marchingcube.c:230:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out[i * 2 + 1][1].pos, center, sizeof(c));
data/goxel-0.10.6/src/marchingcube.c:247:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, new_tri, ret * sizeof(*out));
data/goxel-0.10.6/src/marchingcube.c:282:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, &data[( \
data/goxel-0.10.6/src/marchingcube.c:336:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(tri[i][v].color, c1[3] > c2[3] ? c1 : c2, 4);
data/goxel-0.10.6/src/material.h:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char  name[128];  // 127 chars max.
data/goxel-0.10.6/src/mesh.c:93:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, ret, sizeof(ret));
data/goxel-0.10.6/src/mesh.c:120:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bbox, ret, sizeof(ret));
data/goxel-0.10.6/src/mesh.c:209:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(data->voxels, block->data->voxels, N * N * N * 4);
data/goxel-0.10.6/src/mesh.c:232:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, BLOCK_AT(block, x, y, z), 4);
data/goxel-0.10.6/src/mesh.c:286:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(bbox, ret, sizeof(ret));
data/goxel-0.10.6/src/mesh.c:533:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(out, BLOCK_AT(it->block, p[0], p[1], p[2]), 4);
data/goxel-0.10.6/src/mesh.c:568:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(BLOCK_AT(block, p[0], p[1], p[2]), v, 4);
data/goxel-0.10.6/src/mesh.c:751:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&data[(dz * size[1] * size[0] + dy * size[0] + dx) * 4],
data/goxel-0.10.6/src/mesh.c:804:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&data[(z * size[1] * size[0] + y * size[0] + x) * 4], v, 4);
data/goxel-0.10.6/src/mesh_to_vertices.c:171:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, &data[( \
data/goxel-0.10.6/src/mesh_to_vertices.c:261:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(out[nb * 4 + i].normal, normal, sizeof(normal));
data/goxel-0.10.6/src/mesh_to_vertices.c:262:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(out[nb * 4 + i].tangent, tangent, sizeof(tangent));
data/goxel-0.10.6/src/mesh_to_vertices.c:263:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(out[nb * 4 + i].gradient, gradient, sizeof(gradient));
data/goxel-0.10.6/src/mesh_to_vertices.c:264:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(out[nb * 4 + i].color, v, sizeof(v));
data/goxel-0.10.6/src/mesh_utils.c:228:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(ret, a, 4);
data/goxel-0.10.6/src/mesh_utils.c:266:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, ret, 4);
data/goxel-0.10.6/src/mesh_utils.c:364:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(c, painter->color, 4);
data/goxel-0.10.6/src/mesh_utils.c:427:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (color) memcpy(key.color, color, 4);
data/goxel-0.10.6/src/mesh_utils.c:476:16:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    if (color) memcpy(key.color, color, 4);
data/goxel-0.10.6/src/mesh_utils.c:563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[128];
data/goxel-0.10.6/src/model3d.c:265:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out, in, 4);
data/goxel-0.10.6/src/palette.c:56:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(e->color, col, 4);
data/goxel-0.10.6/src/palette.c:70:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry_name[128];
data/goxel-0.10.6/src/palette.c:129:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(color, (uint8_t[]){0, 0, 0, 255}, 4);
data/goxel-0.10.6/src/palette.c:130:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(color, img + i * bpp, bpp);
data/goxel-0.10.6/src/palette.h:26:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char     name[32];
data/goxel-0.10.6/src/palette.h:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    name[128];
data/goxel-0.10.6/src/pathtracer.cpp:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[128];
data/goxel-0.10.6/src/pathtracer.cpp:600:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&pt->buf[(i * pt->w + j) * 4], &v, 4);
data/goxel-0.10.6/src/pathtracer.cpp:640:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&pt->buf[(i * pt->w + j) * 4], &v, 4);
data/goxel-0.10.6/src/procedural.c:218:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(seed, &v, 4);
data/goxel-0.10.6/src/quantization.c:48:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(v.c, c, 4);
data/goxel-0.10.6/src/render.c:173:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out, in, 4);
data/goxel-0.10.6/src/render.c:703:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(pos, block_pos, sizeof(block_pos));
data/goxel-0.10.6/src/shader_cache.c:25:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[256];
data/goxel-0.10.6/src/shader_cache.c:38:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[256];
data/goxel-0.10.6/src/shader_cache.c:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[128];
data/goxel-0.10.6/src/shader_cache.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pre[256] = {};
data/goxel-0.10.6/src/system.c:46:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ret[PATH_MAX] = "";
data/goxel-0.10.6/src/system.c:105:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char ret[MAX_PATH * 3 + 128] = {0};
data/goxel-0.10.6/src/system.c:106:5:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    wchar_t knownpath_16[MAX_PATH];
data/goxel-0.10.6/src/system.c:114:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(ret, "\\Goxel\\");
data/goxel-0.10.6/src/system.c:190:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[PATH_MAX];
data/goxel-0.10.6/src/system.c:209:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[1024] = {};
data/goxel-0.10.6/src/system.c:275:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb");
data/goxel-0.10.6/src/tests.c:39:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen("/tmp/goxel_test.gox", "w");
data/goxel-0.10.6/src/tests.c:120:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen("/tmp/goxel_test.gox", "w");
data/goxel-0.10.6/src/theme.c:109:31:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static void parse_color(const char *s, uint8_t out[4])
data/goxel-0.10.6/src/theme.c:217:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "w");
data/goxel-0.10.6/src/theme.c:245:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(out, theme->groups[g].colors[color], 4);
data/goxel-0.10.6/src/theme.h:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[64];
data/goxel-0.10.6/src/tools/procedural.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char export_animation_path[1024];
data/goxel-0.10.6/src/tools/procedural.c:107:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[1024];
data/goxel-0.10.6/src/tools/procedural.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dir[1024];
data/goxel-0.10.6/src/tools/procedural.c:161:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(prog->path, "w");
data/goxel-0.10.6/src/utils.c:46:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char time_str[32] = "";
data/goxel-0.10.6/src/utils.c:60:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(time_str, "%.3f: ", get_log_time());
data/goxel-0.10.6/src/utils.c:85:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "rb");
data/goxel-0.10.6/src/utils/cache.c:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            key[256];
data/goxel-0.10.6/src/utils/cache.c:68:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(item->key, key, len);
data/goxel-0.10.6/src/utils/gl.c:243:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char log[1024];
data/goxel-0.10.6/src/utils/gl.h:68:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        name[64];
data/goxel-0.10.6/src/utils/img.c:65:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "rb");
data/goxel-0.10.6/src/utils/img.c:116:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(path, "wb");
data/goxel-0.10.6/src/utils/mustache.c:177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char key[128];
data/goxel-0.10.6/src/utils/sound.c:98:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(out, wav->buffer + wav->pos, size);
data/goxel-0.10.6/src/utils/sound.c:126:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(wav->buffer, data + 44, wav->size);
data/goxel-0.10.6/src/utils/texture.c:66:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&dst[(i * dst_w + j) * bpp], &src[(i * src_w + j) * bpp], bpp);
data/goxel-0.10.6/src/utils/texture.c:174:13:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
            memcpy(&buf[(i * w + j) * bpp],
data/goxel-0.10.6/ext_src/glew/glew.c:151:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  symbolName = malloc(strlen((const char*)name) + 2);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1257:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(dst, src, count - 1);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1263:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t len = strlen(str);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1270:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t dst_buf_size = p_dst_size ? *p_dst_size : strlen(dst) + 1;
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1271:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t src_size = strlen(src) + 1;
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:1313:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        needle_end = needle + strlen(needle);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:2005:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ImGuiTextRange input_range(InputBuf, InputBuf+strlen(InputBuf));
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:2075:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = str_end ? (int)(str_end - str) : (int)strlen(str);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:2326:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            text_end = text + strlen(text); // FIXME-OPT
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:2344:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        text_end = text + strlen(text); // FIXME-OPT
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:2611:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    NameBufLen = (int)strlen(name) + 1;
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9071:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    IM_ASSERT(strlen(type) < IM_ARRAYSIZE(payload.DataType) && "Payload type can be at most 32 characters long");
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9466:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const size_t name_len = strlen(name);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9524:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        ini_size = strlen(ini_data);
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9755:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    CFDataRef cf_data = CFDataCreate(kCFAllocatorDefault, (const UInt8*)text, strlen(text));
data/goxel-0.10.6/ext_src/imgui/imgui.cpp:9808:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char* text_end = text + strlen(text);
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1204:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        text_end = text_begin + strlen(text_begin);
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1779:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (p = filename + strlen(filename); p > filename && p[-1] != '/' && p[-1] != '\\'; p--) {}
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:1813:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int compressed_ttf_size = (((int)strlen(compressed_ttf_data_base85) + 4) / 5) * 4;
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:2834:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        text_end = text_begin + strlen(text_begin); // FIXME-OPT: Need to avoid this.
data/goxel-0.10.6/ext_src/imgui/imgui_draw.cpp:2942:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        text_end = text_begin + strlen(text_begin); // ImGui:: functions generally already provides a valid text_end, so this is merely to handle direct calls.
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:146:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        text_end = text + strlen(text); // FIXME-OPT
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1573:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen(p) + 1;
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:1638:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        p += strlen(p) + 1;
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3331:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const int new_text_len = new_text_end ? (int)(new_text_end - new_text) : (int)strlen(new_text);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3536:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        const int buf_len = (int)strlen(buf);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3810:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                const int clipboard_len = (int)strlen(clipboard);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:3936:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        IM_ASSERT(callback_data.BufTextLen == (int)strlen(callback_data.Buf)); // You need to maintain BufTextLen if you change the text!
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4013:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf_display_end = hint + strlen(hint);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:4183:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf_display_end = buf_display + strlen(buf_display);
data/goxel-0.10.6/ext_src/imgui/imgui_widgets.cpp:7039:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    tab_bar->TabsNames.append(label, label + strlen(label) + 1);
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:483:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   #define STBTT_strlen(x)    strlen(x)
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:4292:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
static int equal(float *a, float *b)
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:4341:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (equal(q0,q1) || equal(q1,q2)) {
data/goxel-0.10.6/ext_src/imgui/imstb_truetype.h:4341:33:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (equal(q0,q1) || equal(q1,q2)) {
data/goxel-0.10.6/ext_src/inih/ini.c:36:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char* p = s + strlen(s);
data/goxel-0.10.6/ext_src/inih/ini.c:73:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dest, src, size - 1);
data/goxel-0.10.6/ext_src/inih/ini.c:120:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        offset = strlen(line);
data/goxel-0.10.6/ext_src/inih/ini.c:135:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            offset += strlen(line + offset);
data/goxel-0.10.6/ext_src/inih/ini.c:266:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ctx.num_left = strlen(string);
data/goxel-0.10.6/ext_src/json/json-builder.c:208:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   return json_object_push_length (object, strlen (name), name, value);
data/goxel-0.10.6/ext_src/json/json-builder.c:276:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   return json_string_new_length (strlen (buf), buf);
data/goxel-0.10.6/ext_src/lua/lauxlib.c:401:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      *len = (def ? strlen(def) : 0);
data/goxel-0.10.6/ext_src/lua/lauxlib.c:538:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  luaL_addlstring(B, s, strlen(s));
data/goxel-0.10.6/ext_src/lua/lauxlib.c:674:9:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    c = getc(lf->f);
data/goxel-0.10.6/ext_src/lua/lauxlib.c:679:10:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  return getc(lf->f);  /* return next character */
data/goxel-0.10.6/ext_src/lua/lauxlib.c:694:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      c = getc(lf->f);
data/goxel-0.10.6/ext_src/lua/lauxlib.c:696:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    *cp = getc(lf->f);  /* skip end-of-line, if present */
data/goxel-0.10.6/ext_src/lua/lauxlib.c:765:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return luaL_loadbuffer(L, s, strlen(s), s);
data/goxel-0.10.6/ext_src/lua/lauxlib.c:861:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (e == NULL) e = fname + strlen(fname);
data/goxel-0.10.6/ext_src/lua/lauxlib.c:994:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen(p);
data/goxel-0.10.6/ext_src/lua/ldblib.c:409:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (luaL_loadbuffer(L, buffer, strlen(buffer), "=(debug command)") ||
data/goxel-0.10.6/ext_src/lua/liolib.c:43:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
         (strspn(mode, L_MODEEXT) == strlen(mode)));  /* check extensions */
data/goxel-0.10.6/ext_src/lua/liolib.c:90:20:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
#define l_getc(f)		getc(f)
data/goxel-0.10.6/ext_src/lua/liolib.c:475:11:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  int c = getc(f);
data/goxel-0.10.6/ext_src/lua/loadlib.c:429:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (l == NULL) l = path + strlen(path);
data/goxel-0.10.6/ext_src/lua/lobject.c:284:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s) > L_MAXLENNUM || pdot == NULL)
data/goxel-0.10.6/ext_src/lua/lobject.c:410:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        pushstr(L, s, strlen(s));
data/goxel-0.10.6/ext_src/lua/lobject.c:462:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  pushstr(L, fmt, strlen(fmt));
data/goxel-0.10.6/ext_src/lua/lobject.c:488:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen(source);
data/goxel-0.10.6/ext_src/lua/lstring.c:231:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  p[0] = luaS_newlstr(L, str, strlen(str));
data/goxel-0.10.6/ext_src/lua/lstrlib.c:585:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    upto += strlen(p + upto) + 1;  /* may have more after \0 */
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1007:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t l = strlen(form);
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1008:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t lm = strlen(lenmod);
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1070:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            luaL_argcheck(L, l == strlen(s), arg, "string contains zeros");
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1400:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        luaL_argcheck(L, strlen(s) == len, arg, "string contains zeros");
data/goxel-0.10.6/ext_src/lua/lstrlib.c:1524:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size_t len = (int)strlen(data + pos);
data/goxel-0.10.6/ext_src/lua/lundump.c:221:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = strlen(s);
data/goxel-0.10.6/ext_src/lua/lvm.c:258:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      size_t len = strlen(l);  /* index of first '\0' in both strings */
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:125:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        filters += strlen(filters) + 1;
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:129:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf[strlen(buf)] = '\0';
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:135:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            patterns += strlen(patterns);
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:140:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        filters += strlen(filters) + 1;
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:255:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            filters += strlen(filters) + 1; // skip the name
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:258:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf[strlen(buf) + 1] = '\0';
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:266:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                patterns += strlen(patterns);
data/goxel-0.10.6/ext_src/noc/noc_file_dialog.h:269:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            filters += strlen(filters) + 1;
data/goxel-0.10.6/ext_src/stb/stb_image.h:362:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   int      (*read)  (void *user,char *data,int size);   // fill 'data' with 'size' bytes.  return number of bytes actually read
data/goxel-0.10.6/ext_src/stb/stb_image.h:1454:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   int n = (s->io.read)(s->io_user_data,(char*)s->buffer_start,s->buflen);
data/goxel-0.10.6/ext_src/stb/stb_image.h:1481:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   if (s->io.read) {
data/goxel-0.10.6/ext_src/stb/stb_image.h:1497:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   if (s->io.read) {
data/goxel-0.10.6/ext_src/stb/stb_image.h:1510:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   if (s->io.read) {
data/goxel-0.10.6/ext_src/stb/stb_image.h:1517:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         count = (s->io.read)(s->io_user_data, (char*) buffer + blen, n - blen);
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:477:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   #define STBTT_strlen(x)    strlen(x)
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:4243:12:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
static int equal(float *a, float *b)
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:4292:17:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (equal(q0,q1) || equal(q1,q2)) {
data/goxel-0.10.6/ext_src/stb/stb_truetype.h:4292:33:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
            if (equal(q0,q1) || equal(q1,q2)) {
data/goxel-0.10.6/ext_src/uthash/uthash.h:92:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define uthash_strlen(s) strlen(s)
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:834:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy(path, base, prefix);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:848:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char* path = (char*)memory_alloc(options->memory_user_data, strlen(uri) + strlen(base_path) + 1);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:848:76:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	char* path = (char*)memory_alloc(options->memory_user_data, strlen(uri) + strlen(base_path) + 1);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1545:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t const str_len = strlen(str);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1555:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(tmp, (const char*)json_chunk + tok->start, size);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1565:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(tmp, (const char*)json_chunk + tok->start, size);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1652:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
	strncpy(result, (const char*)json_chunk + tokens[i].start, size);
data/goxel-0.10.6/ext_src/yocto/ext/cgltf.h:1679:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	size_t len = us ? us - name : strlen(name);
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:1401:46:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    return with.length() <= what.length() && equal(with.begin(), with.end(), what.begin());
data/goxel-0.10.6/ext_src/yocto/ext/filesystem.hpp:3270:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while ((br = ::read(in, buffer.data(), buffer.size())) > 0) {
data/goxel-0.10.6/ext_src/yocto/ext/happly.h:226:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    stream.read((char*)&data.back(), sizeof(T));
data/goxel-0.10.6/ext_src/yocto/ext/happly.h:383:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    stream.read(((char*)&count), listCountBytes);
data/goxel-0.10.6/ext_src/yocto/ext/happly.h:388:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    stream.read((char*)&data.back().front(), count*sizeof(T));
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:362:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   int      (*read)  (void *user,char *data,int size);   // fill 'data' with 'size' bytes.  return number of bytes actually read
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1454:19:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   int n = (s->io.read)(s->io_user_data,(char*)s->buffer_start,s->buflen);
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1481:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   if (s->io.read) {
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1497:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   if (s->io.read) {
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1510:14:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
   if (s->io.read) {
data/goxel-0.10.6/ext_src/yocto/ext/stb_image.h:1517:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
         count = (s->io.read)(s->io_user_data, (char*) buffer + blen, n - blen);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5292:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const mz_uint filename_len = (mz_uint)strlen(pFilename);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5319:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  name_len = strlen(pName);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:5321:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  comment_len = pComment ? strlen(pComment) : 0;
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:6203:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archive_name_size = strlen(pArchive_name);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:6356:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  archive_name_size = strlen(pArchive_name);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7134:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out->insert(out->end(), name, name + strlen(name) + 1);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7135:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  out->insert(out->end(), type, type + strlen(type) + 1);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7241:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    sz += strlen(channels[c].name.c_str()) + 1;  // +1 for \0
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7249:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    memcpy(p, channels[c].name.c_str(), strlen(channels[c].name.c_str()));
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:7250:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    p += strlen(channels[c].name.c_str());
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10202:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(attrib.name, attr_name.c_str(), 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10204:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(attrib.type, attr_type.c_str(), 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:10298:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(exr_header->channels[c].name, info.channels[c].name.c_str(), 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12403:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy(header.channels[0].name, "A", 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12404:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header.channels[0].name[strlen("A")] = '\0';
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12405:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy(header.channels[1].name, "B", 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12406:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header.channels[1].name[strlen("B")] = '\0';
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12407:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy(header.channels[2].name, "G", 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12408:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header.channels[2].name[strlen("G")] = '\0';
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12409:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy(header.channels[3].name, "R", 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12410:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header.channels[3].name[strlen("R")] = '\0';
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12412:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy(header.channels[0].name, "B", 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12413:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header.channels[0].name[strlen("B")] = '\0';
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12414:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy(header.channels[1].name, "G", 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12415:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header.channels[1].name[strlen("G")] = '\0';
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12416:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant character.
    strncpy(header.channels[2].name, "R", 255);
data/goxel-0.10.6/ext_src/yocto/ext/tinyexr.h:12417:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    header.channels[2].name[strlen("R")] = '\0';
data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.cpp:228:61:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
          {"equal", pbrt_accelerator::bvh_t::splitmethod_t::equal},
data/goxel-0.10.6/ext_src/yocto/yocto_pbrt.h:275:38:  [1] (buffer) equal:
  Function does not check the second iterator for over-read conditions
  (CWE-126). This function is often discouraged by most C++ coding standards
  in favor of its safer alternatives provided since C++14. Consider using a
  form of this function that checks the second iterator before potentially
  overflowing it.
    enum struct splitmethod_t { sah, equal, middle, hlbvh };
data/goxel-0.10.6/src/action.c:38:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        assert(strlen(action->default_shortcut) < sizeof(action->shortcut));
data/goxel-0.10.6/src/action.c:41:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    HASH_ADD_KEYPTR(hh, g_actions, action->id, strlen(action->id), item);
data/goxel-0.10.6/src/action.c:81:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = lua_gettop(l); i < strlen(a->csig + 1); i++) {
data/goxel-0.10.6/src/action.c:176:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    nb = c ? (int)strlen(sig) : 0;
data/goxel-0.10.6/src/camera.c:26:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(cam->name, name, sizeof(cam->name) - 1);
data/goxel-0.10.6/src/formats/dicom.c:103:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strncmp(a, b, strlen(b)) == 0;
data/goxel-0.10.6/src/formats/gltf.c:389:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fwrite(json_buf, 1, strlen(json_buf), file);
data/goxel-0.10.6/src/formats/gox.c:189:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    assert(strlen(type) == 4);
data/goxel-0.10.6/src/formats/gox.c:210:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    chunk_write_int32(c, out, (int)strlen(name));
data/goxel-0.10.6/src/formats/gox.c:211:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    chunk_write(c, out, name, (int)strlen(name));
data/goxel-0.10.6/src/formats/gox.c:320:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(material->name));
data/goxel-0.10.6/src/formats/gox.c:357:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(layer->name));
data/goxel-0.10.6/src/formats/gox.c:369:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(layer->image->path));
data/goxel-0.10.6/src/formats/gox.c:376:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(layer->shape->id));
data/goxel-0.10.6/src/formats/gox.c:390:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                               strlen(camera->name));
data/goxel-0.10.6/src/formats/qubicle.c:168:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        WRITE(uint8_t, strlen(layer->name), file);
data/goxel-0.10.6/src/formats/qubicle.c:169:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        fwrite(layer->name, strlen(layer->name), 1, file);
data/goxel-0.10.6/src/gui.cpp:585:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s += strlen("Ctrl ");
data/goxel-0.10.6/src/gui/settings.c:119:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(a->shortcut, value, sizeof(a->shortcut) - 1);
data/goxel-0.10.6/src/image.c:91:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(base);
data/goxel-0.10.6/src/image.c:95:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len -= strlen(ext);
data/goxel-0.10.6/src/image.c:133:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = sizeof(layer->name) - 1 - strlen(" clone");
data/goxel-0.10.6/src/layer.c:26:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    if (name) strncpy(layer->name, name, sizeof(layer->name) - 1);
data/goxel-0.10.6/src/palette.c:74:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!end) end = start + strlen(start);
data/goxel-0.10.6/src/shader_cache.c:49:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(key, "_");
data/goxel-0.10.6/src/shader_cache.c:69:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            sprintf(pre + strlen(pre), "#define %s\n", define->name);
data/goxel-0.10.6/src/theme.c:127:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(theme->name, value, sizeof(theme->name) - 1);
data/goxel-0.10.6/src/tools/procedural.c:166:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fwrite(prog->code, 1, strlen(prog->code), file);
data/goxel-0.10.6/src/tools/procedural.c:190:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buf_size = 64 * 1024 + strlen(p->current->code);
data/goxel-0.10.6/src/utils.c:62:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    file = file + max(0, (int)strlen(file) - 20); // Truncate file path.
data/goxel-0.10.6/src/utils.c:101:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(str) < strlen(end)) return false;
data/goxel-0.10.6/src/utils.c:101:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(str) < strlen(end)) return false;
data/goxel-0.10.6/src/utils.c:102:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *start = str + strlen(str) - strlen(end);
data/goxel-0.10.6/src/utils.c:102:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    const char *start = str + strlen(str) - strlen(end);
data/goxel-0.10.6/src/utils.c:109:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s1) < strlen(s2)) return false;
data/goxel-0.10.6/src/utils.c:109:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(s1) < strlen(s2)) return false;
data/goxel-0.10.6/src/utils.c:110:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return strncmp(s1, s2, strlen(s2)) == 0;
data/goxel-0.10.6/src/utils/b64.c:39:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int len = strlen(src);
data/goxel-0.10.6/src/utils/json.c:92:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    string = calloc(strlen("data:") + strlen(mime) + strlen(";base64,") +
data/goxel-0.10.6/src/utils/json.c:92:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    string = calloc(strlen("data:") + strlen(mime) + strlen(";base64,") +
data/goxel-0.10.6/src/utils/json.c:92:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    string = calloc(strlen("data:") + strlen(mime) + strlen(";base64,") +
data/goxel-0.10.6/src/utils/json.c:95:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    base64_encode(data, len, string + strlen(string));
data/goxel-0.10.6/src/utils/json.c:96:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    return json_string_new_nocopy(strlen(string), string);
data/goxel-0.10.6/src/utils/mustache.c:128:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (i = 0; i < strlen(tree->s); i++) *out++ = tree->s[i];
data/goxel-0.10.6/src/utils/mustache.c:129:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(tree->s);
data/goxel-0.10.6/src/utils/mustache.c:156:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (i = 0; i < strlen(elem->s); i++) *out++ = elem->s[i];
data/goxel-0.10.6/src/utils/mustache.c:157:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(elem->s);
data/goxel-0.10.6/src/utils/mustache.c:193:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(key, templ + matches[1].rm_so, len);
data/goxel-0.10.6/src/utils/sound.c:43:15:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    int     (*read)(struct sound_source *source, void *data, int size);
data/goxel-0.10.6/src/utils/sound.c:146:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    HASH_ADD_KEYPTR(hh, g_sounds, name, strlen(name), sound);

ANALYSIS SUMMARY:

Hits = 976
Lines analyzed = 206280 in approximately 7.30 seconds (28267 lines/second)
Physical Source Lines of Code (SLOC) = 155475
Hits@level = [0] 217 [1] 186 [2] 691 [3]  14 [4]  75 [5]  10
Hits@level+ = [0+] 1193 [1+] 976 [2+] 790 [3+]  99 [4+]  85 [5+]  10
Hits/KSLOC@level+ = [0+] 7.67326 [1+] 6.27754 [2+] 5.0812 [3+] 0.636758 [4+] 0.546712 [5+] 0.064319
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.