Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/pioneers-15.6/server/admin.h
Examining data/pioneers-15.6/server/glib-driver.c
Examining data/pioneers-15.6/server/resource.c
Examining data/pioneers-15.6/server/gold.c
Examining data/pioneers-15.6/server/buildutil.c
Examining data/pioneers-15.6/server/gtk/server-resources.h
Examining data/pioneers-15.6/server/gtk/main.c
Examining data/pioneers-15.6/server/gtk/server-resources.c
Examining data/pioneers-15.6/server/meta.c
Examining data/pioneers-15.6/server/admin.c
Examining data/pioneers-15.6/server/main.c
Examining data/pioneers-15.6/server/develop.c
Examining data/pioneers-15.6/server/player.c
Examining data/pioneers-15.6/server/server.c
Examining data/pioneers-15.6/server/robber.c
Examining data/pioneers-15.6/server/discard.c
Examining data/pioneers-15.6/server/avahi.c
Examining data/pioneers-15.6/server/avahi.h
Examining data/pioneers-15.6/server/trade.c
Examining data/pioneers-15.6/server/server.h
Examining data/pioneers-15.6/server/turn.c
Examining data/pioneers-15.6/server/pregame.c
Examining data/pioneers-15.6/server/glib-driver.h
Examining data/pioneers-15.6/editor/gtk/game-buildings.c
Examining data/pioneers-15.6/editor/gtk/game-devcards.h
Examining data/pioneers-15.6/editor/gtk/editor-resources.c
Examining data/pioneers-15.6/editor/gtk/editor-resources.h
Examining data/pioneers-15.6/editor/gtk/game-devcards.c
Examining data/pioneers-15.6/editor/gtk/game-resources.c
Examining data/pioneers-15.6/editor/gtk/editor.c
Examining data/pioneers-15.6/editor/gtk/game-buildings.h
Examining data/pioneers-15.6/editor/gtk/game-resources.h
Examining data/pioneers-15.6/common/map_query.c
Examining data/pioneers-15.6/common/cards.h
Examining data/pioneers-15.6/common/deck.c
Examining data/pioneers-15.6/common/network.c
Examining data/pioneers-15.6/common/cost.h
Examining data/pioneers-15.6/common/gettext.h
Examining data/pioneers-15.6/common/random.c
Examining data/pioneers-15.6/common/game-list.h
Examining data/pioneers-15.6/common/log.c
Examining data/pioneers-15.6/common/state.h
Examining data/pioneers-15.6/common/authors.h
Examining data/pioneers-15.6/common/gtk/metaserver.c
Examining data/pioneers-15.6/common/gtk/map-icons.h
Examining data/pioneers-15.6/common/gtk/common_gtk.c
Examining data/pioneers-15.6/common/gtk/theme.c
Examining data/pioneers-15.6/common/gtk/game-settings.h
Examining data/pioneers-15.6/common/gtk/game-rules.h
Examining data/pioneers-15.6/common/gtk/polygon.c
Examining data/pioneers-15.6/common/gtk/map-icons.c
Examining data/pioneers-15.6/common/gtk/game-rules.c
Examining data/pioneers-15.6/common/gtk/select-game.c
Examining data/pioneers-15.6/common/gtk/common_gtk.h
Examining data/pioneers-15.6/common/gtk/scrollable-text-view.h
Examining data/pioneers-15.6/common/gtk/guimap.h
Examining data/pioneers-15.6/common/gtk/config-gnome.c
Examining data/pioneers-15.6/common/gtk/colors.c
Examining data/pioneers-15.6/common/gtk/metaserver.h
Examining data/pioneers-15.6/common/gtk/theme.h
Examining data/pioneers-15.6/common/gtk/aboutbox.h
Examining data/pioneers-15.6/common/gtk/scrollable-text-view.c
Examining data/pioneers-15.6/common/gtk/player-icon.c
Examining data/pioneers-15.6/common/gtk/select-game.h
Examining data/pioneers-15.6/common/gtk/polygon.h
Examining data/pioneers-15.6/common/gtk/config-gnome.h
Examining data/pioneers-15.6/common/gtk/guimap.c
Examining data/pioneers-15.6/common/gtk/aboutbox.c
Examining data/pioneers-15.6/common/gtk/game-settings.c
Examining data/pioneers-15.6/common/gtk/colors.h
Examining data/pioneers-15.6/common/gtk/player-icon.h
Examining data/pioneers-15.6/common/state.c
Examining data/pioneers-15.6/common/buildrec.h
Examining data/pioneers-15.6/common/version.h
Examining data/pioneers-15.6/common/driver.c
Examining data/pioneers-15.6/common/quoteinfo.c
Examining data/pioneers-15.6/common/set.h
Examining data/pioneers-15.6/common/random.h
Examining data/pioneers-15.6/common/game-list.c
Examining data/pioneers-15.6/common/set.c
Examining data/pioneers-15.6/common/log.h
Examining data/pioneers-15.6/common/gettext.c
Examining data/pioneers-15.6/common/network.h
Examining data/pioneers-15.6/common/quoteinfo.h
Examining data/pioneers-15.6/common/notifying-string-private.h
Examining data/pioneers-15.6/common/map.c
Examining data/pioneers-15.6/common/deck.h
Examining data/pioneers-15.6/common/common_glib.h
Examining data/pioneers-15.6/common/game.h
Examining data/pioneers-15.6/common/buildrec.c
Examining data/pioneers-15.6/common/cards.c
Examining data/pioneers-15.6/common/game.c
Examining data/pioneers-15.6/common/common_glib.c
Examining data/pioneers-15.6/common/driver.h
Examining data/pioneers-15.6/common/notifying-string.c
Examining data/pioneers-15.6/common/notifying-string.h
Examining data/pioneers-15.6/common/map.h
Examining data/pioneers-15.6/common/cost.c
Examining data/pioneers-15.6/metaserver/main.c
Examining data/pioneers-15.6/client/ai/greedy.c
Examining data/pioneers-15.6/client/ai/lobbybot.c
Examining data/pioneers-15.6/client/ai/genetic_core.c
Examining data/pioneers-15.6/client/ai/ai.c
Examining data/pioneers-15.6/client/ai/genetic.c
Examining data/pioneers-15.6/client/ai/genetic_core.h
Examining data/pioneers-15.6/client/ai/ai.h
Examining data/pioneers-15.6/client/gtk/resource-view.c
Examining data/pioneers-15.6/client/gtk/gui.h
Examining data/pioneers-15.6/client/gtk/notification.c
Examining data/pioneers-15.6/client/gtk/offline.c
Examining data/pioneers-15.6/client/gtk/gui.c
Examining data/pioneers-15.6/client/gtk/resource-table.c
Examining data/pioneers-15.6/client/gtk/quote-view.h
Examining data/pioneers-15.6/client/gtk/resource-view-private.h
Examining data/pioneers-15.6/client/gtk/audio.c
Examining data/pioneers-15.6/client/gtk/quote.c
Examining data/pioneers-15.6/client/gtk/audio.h
Examining data/pioneers-15.6/client/gtk/resource.c
Examining data/pioneers-15.6/client/gtk/gold.c
Examining data/pioneers-15.6/client/gtk/state.c
Examining data/pioneers-15.6/client/gtk/identity.c
Examining data/pioneers-15.6/client/gtk/develop.c
Examining data/pioneers-15.6/client/gtk/chat.c
Examining data/pioneers-15.6/client/gtk/player.c
Examining data/pioneers-15.6/client/gtk/client-resources.c
Examining data/pioneers-15.6/client/gtk/discard.c
Examining data/pioneers-15.6/client/gtk/avahi.c
Examining data/pioneers-15.6/client/gtk/resource-view.h
Examining data/pioneers-15.6/client/gtk/histogram.h
Examining data/pioneers-15.6/client/gtk/avahi.h
Examining data/pioneers-15.6/client/gtk/frontend.h
Examining data/pioneers-15.6/client/gtk/callbacks.c
Examining data/pioneers-15.6/client/gtk/interface.c
Examining data/pioneers-15.6/client/gtk/resource-table.h
Examining data/pioneers-15.6/client/gtk/plenty.c
Examining data/pioneers-15.6/client/gtk/trade.c
Examining data/pioneers-15.6/client/gtk/avahi-browser.c
Examining data/pioneers-15.6/client/gtk/frontend.c
Examining data/pioneers-15.6/client/gtk/admin-gtk.c
Examining data/pioneers-15.6/client/gtk/notification.h
Examining data/pioneers-15.6/client/gtk/settingscreen.c
Examining data/pioneers-15.6/client/gtk/avahi-browser.h
Examining data/pioneers-15.6/client/gtk/monopoly.c
Examining data/pioneers-15.6/client/gtk/name.c
Examining data/pioneers-15.6/client/gtk/client-resources.h
Examining data/pioneers-15.6/client/gtk/gameover.c
Examining data/pioneers-15.6/client/gtk/quote-view.c
Examining data/pioneers-15.6/client/gtk/connect.c
Examining data/pioneers-15.6/client/gtk/legend.c
Examining data/pioneers-15.6/client/gtk/histogram.c
Examining data/pioneers-15.6/client/common/callback.c
Examining data/pioneers-15.6/client/common/resource.c
Examining data/pioneers-15.6/client/common/main.c
Examining data/pioneers-15.6/client/common/develop.c
Examining data/pioneers-15.6/client/common/player.c
Examining data/pioneers-15.6/client/common/robber.c
Examining data/pioneers-15.6/client/common/build.c
Examining data/pioneers-15.6/client/common/turn.c
Examining data/pioneers-15.6/client/common/client.h
Examining data/pioneers-15.6/client/common/setup.c
Examining data/pioneers-15.6/client/common/client.c
Examining data/pioneers-15.6/client/common/stock.c
Examining data/pioneers-15.6/client/callback.h
FINAL RESULTS:
data/pioneers-15.6/client/common/resource.c:241:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, resource_name(idx, FALSE));
data/pioneers-15.6/client/common/resource.c:257:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%d %s", num,
data/pioneers-15.6/client/common/resource.c:260:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str, "%s", resource_name(idx, FALSE));
data/pioneers-15.6/client/gtk/gameover.c:52:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, _("%s has won the game with %d victory points!"),
data/pioneers-15.6/client/gtk/gameover.c:58:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, _("All praise %s, Lord of the known world!"),
data/pioneers-15.6/client/gtk/quote-view.c:306:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(desc, _("%d:1 %s for %s"),
data/pioneers-15.6/client/gtk/resource-table.c:317:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buff, "%s", "++");
data/pioneers-15.6/client/gtk/trade.c:206:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(desc, resource_name(idx, FALSE));
data/pioneers-15.6/client/gtk/trade.c:222:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(desc, format, buf1);
data/pioneers-15.6/client/gtk/trade.c:227:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(desc, format, buf1);
data/pioneers-15.6/client/gtk/trade.c:233:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(desc, format, buf1, buf2);
data/pioneers-15.6/client/ai/ai.c:53:7: [3] (random) g_rand_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (g_rand_int_range(chat_rand, 0, 101) > nochat_percent) { \
data/pioneers-15.6/client/ai/ai.c:54:18: [3] (random) g_rand_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ai_chat(array[g_rand_int_range(chat_rand, 0, G_N_ELEMENTS(array))]); \
data/pioneers-15.6/client/ai/genetic_core.c:423:17: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
dice_roll1 = g_random_int_range(1, 7); /*(random() % 6) + 1; */
data/pioneers-15.6/client/ai/genetic_core.c:424:17: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
dice_roll2 = g_random_int_range(1, 7); /*(random() % 6) + 1; */
data/pioneers-15.6/common/random.c:44:15: [3] (random) g_rand_int:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
randomseed = g_rand_int(g_rand_ctx);
data/pioneers-15.6/common/random.c:56:9: [3] (random) g_rand_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return g_rand_int_range(g_rand_ctx, 0, range);
data/pioneers-15.6/server/player.c:349:9: [3] (random) g_random_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (g_random_int_range(0, num) == 0) {
data/pioneers-15.6/client/ai/genetic.c:2787:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80];
data/pioneers-15.6/client/ai/genetic.c:2794:26: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((chromFilePointer = fopen(chromosomeFile, "r")) == NULL) {
data/pioneers-15.6/client/common/player.c:125:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, _("Spectator %d"),
data/pioneers-15.6/client/common/player.c:128:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, _("spectator %d"),
data/pioneers-15.6/client/common/player.c:137:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, _("Player %d"), player_num);
data/pioneers-15.6/client/common/player.c:139:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, _("player %d"), player_num);
data/pioneers-15.6/client/common/resource.c:225:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, _("nothing"));
data/pioneers-15.6/client/common/resource.c:231:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, _("any resource"));
data/pioneers-15.6/client/common/resource.c:253:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(str, " + ");
data/pioneers-15.6/client/gtk/admin-gtk.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[ADMIN_BUFSIZE];
data/pioneers-15.6/client/gtk/avahi.c:96:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char resolved_hostname
data/pioneers-15.6/client/gtk/connect.c:520:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(data, "%d", atoi(line + len));
data/pioneers-15.6/client/gtk/connect.c:520:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
sprintf(data, "%d", atoi(line + len));
data/pioneers-15.6/client/gtk/connect.c:622:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(p);
data/pioneers-15.6/client/gtk/connect.c:627:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(p + 1);
data/pioneers-15.6/client/gtk/connect.c:1612:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyname1, "favorites/server%dname=", i);
data/pioneers-15.6/client/gtk/connect.c:1613:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyname2, "favorites/server%dport=", i);
data/pioneers-15.6/client/gtk/connect.c:1620:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyname1, "favorites/server%dname", i);
data/pioneers-15.6/client/gtk/connect.c:1621:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(keyname2, "favorites/server%dport", i);
data/pioneers-15.6/client/gtk/connect.c:1803:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp_str, "favorites/server%dname=", i);
data/pioneers-15.6/client/gtk/connect.c:1810:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp_str, "favorites/server%dport=", i);
data/pioneers-15.6/client/gtk/gameover.c:30:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[512];
data/pioneers-15.6/client/gtk/histogram.c:118:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", max);
data/pioneers-15.6/client/gtk/histogram.c:151:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", i * max / GRID_DIVISIONS);
data/pioneers-15.6/client/gtk/histogram.c:209:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", histogram_dice_retrieve(i));
data/pioneers-15.6/client/gtk/identity.c:114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[10];
data/pioneers-15.6/client/gtk/identity.c:118:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", data->stock_num());
data/pioneers-15.6/client/gtk/identity.c:189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[10];
data/pioneers-15.6/client/gtk/identity.c:192:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", data->stock_num());
data/pioneers-15.6/client/gtk/player.c:312:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(points, "%d",
data/pioneers-15.6/client/gtk/resource-table.c:291:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", rt->total_current);
data/pioneers-15.6/client/gtk/resource-table.c:298:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", row->amount);
data/pioneers-15.6/client/gtk/resource-table.c:308:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", row->hand + row->amount);
data/pioneers-15.6/client/gtk/resource-table.c:310:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d", row->hand - row->amount);
data/pioneers-15.6/client/gtk/resource-table.c:319:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buff, "%d",
data/pioneers-15.6/client/gtk/resource.c:109:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buff[16];
data/pioneers-15.6/client/gtk/trade.c:154:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str, "%d", resource_asset(resource) - amount);
data/pioneers-15.6/client/gtk/trade.c:203:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(desc, "%d ", resources[idx]);
data/pioneers-15.6/common/game.c:502:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(line);
data/pioneers-15.6/common/game.c:574:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "r")) == NULL) {
data/pioneers-15.6/common/game.c:814:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(fname, "w")) == NULL) {
data/pioneers-15.6/common/gtk/config-gnome.c:205:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
value = atoi(tokens[2]);
data/pioneers-15.6/common/gtk/guimap.c:823:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(num, "<b>%d</b>", n);
data/pioneers-15.6/common/gtk/player-icon.c:145:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, original_data, size);
data/pioneers-15.6/common/gtk/player-icon.c:163:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(replace_here, color_new, 12);
data/pioneers-15.6/common/gtk/player-icon.c:402:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*variant = atoi(style_parts[2]);
data/pioneers-15.6/common/gtk/theme.c:586:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(f = fopen(filename, "r"))) {
data/pioneers-15.6/common/map.c:958:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bufferpos, "%d", hex->chit_pos);
data/pioneers-15.6/common/network.c:57:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char read_buff[16 * 1024];
data/pioneers-15.6/common/network.c:376:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ses->port = atoi(port);
data/pioneers-15.6/editor/gtk/editor.c:1144:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/pioneers-15.6/metaserver/main.c:259:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
&& (atoi(scan->port) == free_port)) {
data/pioneers-15.6/metaserver/main.c:356:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*data = atoi(line + len);
data/pioneers-15.6/metaserver/main.c:413:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
client->protocol_major = atoi(p);
data/pioneers-15.6/metaserver/main.c:416:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
client->protocol_minor = atoi(p + 1);
data/pioneers-15.6/metaserver/main.c:568:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(pidfile, "w");
data/pioneers-15.6/metaserver/main.c:725:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
net_service_new(atoi(PIONEERS_DEFAULT_META_PORT), meta_event,
data/pioneers-15.6/server/admin.c:221:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
register_server = atoi(argument);
data/pioneers-15.6/server/admin.c:224:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg_set_num_players(params, atoi(argument));
data/pioneers-15.6/server/admin.c:227:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg_set_sevens_rule(params, atoi(argument));
data/pioneers-15.6/server/admin.c:230:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg_set_use_dice_deck(params, atoi(argument));
data/pioneers-15.6/server/admin.c:233:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg_set_num_dice_decks(params, atoi(argument));
data/pioneers-15.6/server/admin.c:237:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(argument));
data/pioneers-15.6/server/admin.c:240:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg_set_victory_points(params, atoi(argument));
data/pioneers-15.6/server/admin.c:243:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cfg_set_terrain_type(params, atoi(argument));
data/pioneers-15.6/server/admin.c:357:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
admin_dice_roll = CLAMP(atoi(argument), 0, 12);
data/pioneers-15.6/server/admin.c:508:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
net_service_new(atoi(port), admin_event, NULL, &error_message);
data/pioneers-15.6/server/avahi.c:139:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(game->server_port),
data/pioneers-15.6/server/meta.c:229:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
metaserver_version_major = atoi(p);
data/pioneers-15.6/server/meta.c:233:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
atoi(p + 1);
data/pioneers-15.6/server/player.c:340:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stream = fopen(filename, "r");
data/pioneers-15.6/server/player.c:458:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "connecting");
data/pioneers-15.6/server/player.c:568:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nm, _("Spectator %d"), num++);
data/pioneers-15.6/server/player.c:571:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(nm, _("Player %d"), player->num);
data/pioneers-15.6/server/resource.c:56:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(player->prev_assets,
data/pioneers-15.6/server/server.c:169:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
net_service_new(atoi(game->server_port), player_connect, game,
data/pioneers-15.6/client/common/resource.c:254:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen(str);
data/pioneers-15.6/client/common/resource.c:262:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
str += strlen(str);
data/pioneers-15.6/client/gtk/admin-gtk.c:125:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(buff, "admin ", ADMIN_PREFIX_LEN);
data/pioneers-15.6/client/gtk/chat.c:47:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buff, text, sizeof(buff) - 1);
data/pioneers-15.6/client/gtk/client-resources.c:3071:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/pioneers-15.6/client/gtk/client-resources.c:3079:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/pioneers-15.6/client/gtk/client-resources.c:3091:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/pioneers-15.6/client/gtk/client-resources.c:3098:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/pioneers-15.6/client/gtk/connect.c:505:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(prefix);
data/pioneers-15.6/client/gtk/connect.c:509:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(data, line + len, STRARG_LEN);
data/pioneers-15.6/client/gtk/connect.c:516:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(prefix);
data/pioneers-15.6/client/gtk/connect.c:1630:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cur_name) == 0) {
data/pioneers-15.6/client/gtk/connect.c:1805:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (default_returned || !strlen(host_name)) {
data/pioneers-15.6/client/gtk/connect.c:1812:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (default_returned || !strlen(host_port)) {
data/pioneers-15.6/client/gtk/player.c:315:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(points, "");
data/pioneers-15.6/client/gtk/trade.c:204:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
desc += strlen(desc);
data/pioneers-15.6/client/gtk/trade.c:207:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
desc += strlen(desc);
data/pioneers-15.6/common/game-list.c:120:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(fname);
data/pioneers-15.6/common/game.c:161:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
word_len = strlen(word);
data/pioneers-15.6/common/game.c:216:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (name == NULL || strlen(name) == 0) {
data/pioneers-15.6/common/game.c:282:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!str || strlen(str) < 1) {
data/pioneers-15.6/common/game.c:549:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(part);
data/pioneers-15.6/common/game.c:559:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*line);
data/pioneers-15.6/common/game.c:1102:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset += (ssize_t) strlen(*str);
data/pioneers-15.6/common/game.c:1167:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (ssize_t) strlen(type);
data/pioneers-15.6/common/gtk/player-icon.c:156:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(strlen(color_old) == 12);
data/pioneers-15.6/common/gtk/player-icon.c:157:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_assert(strlen(color_new) == 12);
data/pioneers-15.6/common/map.c:959:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufferpos += strlen(bufferpos);
data/pioneers-15.6/common/network.c:140:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(data);
data/pioneers-15.6/editor/gtk/editor-resources.c:1265:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/pioneers-15.6/editor/gtk/editor-resources.c:1273:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/pioneers-15.6/editor/gtk/editor-resources.c:1285:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/pioneers-15.6/editor/gtk/editor-resources.c:1292:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/pioneers-15.6/metaserver/main.c:339:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint len = strlen(prefix);
data/pioneers-15.6/metaserver/main.c:352:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
guint len = strlen(prefix);
data/pioneers-15.6/metaserver/main.c:602:2: [1] (access) umask:
Ensure that umask is given most restrictive possible setting (e.g., 066 or
077) (CWE-732).
umask(0);
data/pioneers-15.6/server/gtk/main.c:559:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (novar || !strlen(metaserver_name)
data/pioneers-15.6/server/gtk/main.c:561:4: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(metaserver_name) + 1))
data/pioneers-15.6/server/gtk/server-resources.c:645:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/pioneers-15.6/server/gtk/server-resources.c:653:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
__pragma(section(".CRT$XCU",read)) \
data/pioneers-15.6/server/gtk/server-resources.c:665:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/pioneers-15.6/server/gtk/server-resources.c:672:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
section(".CRT$XCU",read)
data/pioneers-15.6/server/player.c:140:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > MAX_CHAT)
data/pioneers-15.6/server/player.c:157:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(text) > MAX_NAME_LENGTH)
data/pioneers-15.6/server/player.c:459:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(name); i < G_N_ELEMENTS(name) - 1; ++i) {
data/pioneers-15.6/server/player.c:574:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(nm, name, G_N_ELEMENTS(nm));
data/pioneers-15.6/server/player.c:583:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = strlen(nm); i < G_N_ELEMENTS(nm) - 1; ++i) {
data/pioneers-15.6/server/player.c:969:18: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
g_strdelimit(mismatch, "|", '_');
data/pioneers-15.6/server/player.c:972:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
mismatch,
data/pioneers-15.6/server/player.c:975:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
g_free(mismatch);
data/pioneers-15.6/server/server.c:229:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (hostname && strlen(hostname) > 0) {
ANALYSIS SUMMARY:
Hits = 145
Lines analyzed = 58806 in approximately 1.71 seconds (34328 lines/second)
Physical Source Lines of Code (SLOC) = 44523
Hits@level = [0] 126 [1] 51 [2] 76 [3] 7 [4] 11 [5] 0
Hits@level+ = [0+] 271 [1+] 145 [2+] 94 [3+] 18 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 6.08674 [1+] 3.25674 [2+] 2.11127 [3+] 0.404285 [4+] 0.247063 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.