Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/AdvancedCombinerManager.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/AdvancedCombinerManager.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/AdvancedTexEnvCombiner.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/AdvancedTexEnvCombiner.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerBase.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerBase.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerCache.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerCache.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerStageCreator.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerStageCreator.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerStageMerger.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerStageMerger.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/CombinerStructs.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/DummyCombiner.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/DummyCombiner.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/SimpleTexEnvCombiner.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Combiner/SimpleTexEnvCombiner.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/DisplayListParser.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/DisplayListParser.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ExtensionChecker.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ExtensionChecker.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/FogManager.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/FogManager.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/GBI/GBI.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/GBI/GBI.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/GBI/GBIDefs.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/GraphicsPlugin.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/GraphicsPlugin.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Memory.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/Memory.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/MultiTexturingExt.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/MultiTexturingExt.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/N64Games.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/OpenGL.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/OpenGLManager.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/OpenGLManager.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RDP/RDP.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RDP/RDP.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RDP/RDPInstructions.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RDP/RDPInstructions.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RDP/RDPUCodeStructs.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSP.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSP.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSPLightManager.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSPLightManager.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSPMatrixManager.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSPMatrixManager.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSPVertexManager.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RSP/RSPVertexManager.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RomDetector.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/RomDetector.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/SecondaryColorExt.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/SecondaryColorExt.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/UCodeDefs.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/VI.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/VI.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/config/Config.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/config/Config.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/config/ConfigMap.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/config/StringFunctions.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/config/StringFunctions.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/config/StringValue.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/framebuffer/FrameBuffer.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/framebuffer/FrameBuffer.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/hash/CRCCalculator.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/hash/CRCCalculator.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/hash/CRCCalculator2.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/hash/CRCCalculator2.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/log/Logger.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/log/Logger.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/m64p.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/main.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/math/MathLib.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/math/Matrix4.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/math/Matrix4.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/osal_dynamiclib.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/osal_dynamiclib_unix.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/osal_dynamiclib_win32.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/renderer/OpenGL2DRenderer.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/renderer/OpenGL2DRenderer.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/renderer/OpenGLRenderer.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/renderer/OpenGLRenderer.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/CachedTexture.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/CachedTexture.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/ImageFormatSelector.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/ImageFormatSelector.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/TextureCache.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/TextureCache.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/TextureLoader.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/texture/TextureLoader.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode0.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode0.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode1.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode1.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode10.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode10.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode2.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode2.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode3.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode3.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode4.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode4.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode5.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode5.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode6.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode6.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode7.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode7.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode8.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode8.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode9.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCode9.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeIdentificationData.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp
Examining data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.h
Examining data/mupen64plus-video-arachnoid-2.5.9/src/utils/MemoryLeakDetector.h

FINAL RESULTS:

data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:238:9:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
        sprintf(logMsg, "Selected UCode %d String=%s", ucode, ucodeString);
data/mupen64plus-video-arachnoid-2.5.9/src/osal_dynamiclib_win32.cpp:34:19:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
    *pLibHandle = LoadLibrary(pccLibraryPath);
data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h:202:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char Five2Eight[32] =
data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h:238:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char Four2Eight[16] = 
data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h:258:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char Three2Four[8] = 
data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h:270:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char Three2Eight[8] = 
data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h:281:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char Two2Eight[4] = 
data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h:289:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char One2Four[2] = 
data/mupen64plus-video-arachnoid-2.5.9/src/Assembler/assembler.h:295:16:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const unsigned char One2Eight[2] = 
data/mupen64plus-video-arachnoid-2.5.9/src/RomDetector.cpp:54:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&m_romHeader, romHeader, sizeof(ROMHeader));
data/mupen64plus-video-arachnoid-2.5.9/src/RomDetector.cpp:73:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
N64_ROM_ID ROMDetector::_getRomID(char romName[20])
data/mupen64plus-video-arachnoid-2.5.9/src/RomDetector.h:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char             romName[20];       //!< Name of rom, used to identify what rom it is.
data/mupen64plus-video-arachnoid-2.5.9/src/RomDetector.h:133:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    N64_ROM_ID _getRomID(char romName[20]);  
data/mupen64plus-video-arachnoid-2.5.9/src/config/StringValue.h:101:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atoi(data.c_str());
data/mupen64plus-video-arachnoid-2.5.9/src/config/StringValue.h:104:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return (short) atoi(data.c_str());
data/mupen64plus-video-arachnoid-2.5.9/src/config/StringValue.h:107:16:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return atol(data.c_str());
data/mupen64plus-video-arachnoid-2.5.9/src/main.cpp:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char logMsg[530];
data/mupen64plus-video-arachnoid-2.5.9/src/main.cpp:115:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(logMsg, "Core emulator broken; no CoreAPIVersionFunc() function found.");
data/mupen64plus-video-arachnoid-2.5.9/src/main.cpp:123:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(logMsg, "Emulator core Config API (v%i.%i.%i) incompatible with plugin (v%i.%i.%i)",
data/mupen64plus-video-arachnoid-2.5.9/src/main.cpp:130:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(logMsg, "Emulator core Video Extension API (v%i.%i.%i) incompatible with plugin (v%i.%i.%i)",
data/mupen64plus-video-arachnoid-2.5.9/src/main.cpp:251:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&g_graphicsInfo, &Gfx_Info, sizeof(GFX_INFO));
data/mupen64plus-video-arachnoid-2.5.9/src/renderer/OpenGLRenderer.h:98:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char m_triangles[300][3];     //!< Triangles used to index vertices
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:216:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ucodeString[500];
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char logMsg[530];
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:243:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(logMsg, "Selected UCode %d Could not find UCode String ", ucode);
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:257:67:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
bool UCodeSelector::_extractUCodeString(unsigned int ucDataStart, char out[500])
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:296:91:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int UCodeSelector::_detectUCode(unsigned int crcUCodeDataSize, unsigned int crc800, const char ucodeStr[500])
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:320:49:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
int UCodeSelector::_detectUCodeFromString(const char ucodeStr[500])
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.h:52:56:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    bool _extractUCodeString(unsigned int ucDataStart, char out[500]);
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.h:53:80:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    int _detectUCode(unsigned int crcUCodeDataSize, unsigned int crc800, const char ucodeStr[500]);
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.h:54:38:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    int _detectUCodeFromString(const char ucodeStr[500]);
data/mupen64plus-video-arachnoid-2.5.9/src/ExtensionChecker.cpp:50:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        terminator = where + strlen(extension);
data/mupen64plus-video-arachnoid-2.5.9/src/config/StringFunctions.cpp:107:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* end = &str[strlen(str)-1];
data/mupen64plus-video-arachnoid-2.5.9/src/config/StringFunctions.cpp:138:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        char* end = str + strlen(str) - 1;
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:324:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strnicmp( ucodeStr, tempUCode0, strlen(tempUCode0) ) == 0 )
data/mupen64plus-video-arachnoid-2.5.9/src/ucodes/UCodeSelector.cpp:335:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ( strnicmp(ucodeStr, temp, strlen(temp)) == 0 )

ANALYSIS SUMMARY:

Hits = 36
Lines analyzed = 19956 in approximately 0.54 seconds (37081 lines/second)
Physical Source Lines of Code (SLOC) = 11249
Hits@level = [0]   4 [1]   5 [2]  29 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+]  40 [1+]  36 [2+]  31 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 3.55587 [1+] 3.20028 [2+] 2.7558 [3+] 0.177794 [4+] 0.0888968 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.