Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/stormlib-9.22/src/FileStream.cpp
Examining data/stormlib-9.22/src/FileStream.h
Examining data/stormlib-9.22/src/SBaseCommon.cpp
Examining data/stormlib-9.22/src/SBaseDumpData.cpp
Examining data/stormlib-9.22/src/SBaseFileTable.cpp
Examining data/stormlib-9.22/src/SBaseSubTypes.cpp
Examining data/stormlib-9.22/src/SCompression.cpp
Examining data/stormlib-9.22/src/SFileAddFile.cpp
Examining data/stormlib-9.22/src/SFileAttributes.cpp
Examining data/stormlib-9.22/src/SFileCompactArchive.cpp
Examining data/stormlib-9.22/src/SFileCreateArchive.cpp
Examining data/stormlib-9.22/src/SFileExtractFile.cpp
Examining data/stormlib-9.22/src/SFileFindFile.cpp
Examining data/stormlib-9.22/src/SFileGetFileInfo.cpp
Examining data/stormlib-9.22/src/SFileListFile.cpp
Examining data/stormlib-9.22/src/SFileOpenArchive.cpp
Examining data/stormlib-9.22/src/SFileOpenFileEx.cpp
Examining data/stormlib-9.22/src/SFilePatchArchives.cpp
Examining data/stormlib-9.22/src/SFileReadFile.cpp
Examining data/stormlib-9.22/src/SFileVerify.cpp
Examining data/stormlib-9.22/src/StormCommon.h
Examining data/stormlib-9.22/src/StormLib.h
Examining data/stormlib-9.22/src/StormPort.h
Examining data/stormlib-9.22/src/adpcm/adpcm.cpp
Examining data/stormlib-9.22/src/adpcm/adpcm.h
Examining data/stormlib-9.22/src/adpcm/adpcm_old.cpp
Examining data/stormlib-9.22/src/adpcm/adpcm_old.h
Examining data/stormlib-9.22/src/bzip2/blocksort.c
Examining data/stormlib-9.22/src/bzip2/bzlib.c
Examining data/stormlib-9.22/src/bzip2/bzlib.h
Examining data/stormlib-9.22/src/bzip2/bzlib_private.h
Examining data/stormlib-9.22/src/bzip2/compress.c
Examining data/stormlib-9.22/src/bzip2/crctable.c
Examining data/stormlib-9.22/src/bzip2/decompress.c
Examining data/stormlib-9.22/src/bzip2/huffman.c
Examining data/stormlib-9.22/src/bzip2/randtable.c
Examining data/stormlib-9.22/src/huffman/huff.cpp
Examining data/stormlib-9.22/src/huffman/huff.h
Examining data/stormlib-9.22/src/jenkins/lookup.h
Examining data/stormlib-9.22/src/jenkins/lookup3.c
Examining data/stormlib-9.22/src/libtomcrypt/src/hashes/hash_memory.c
Examining data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c
Examining data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_argchk.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cfg.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_custom.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_macros.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_math.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_misc.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_pk.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_pkcs.h
Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h
Examining data/stormlib-9.22/src/libtomcrypt/src/math/ltm_desc.c
Examining data/stormlib-9.22/src/libtomcrypt/src/math/multi.c
Examining data/stormlib-9.22/src/libtomcrypt/src/math/rand_prime.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/base64_decode.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_argchk.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_find_hash.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_find_prng.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_hash_descriptor.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_hash_is_valid.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_libc.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_ltc_mp_descriptor.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_prng_descriptor.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_prng_is_valid.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_register_hash.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_register_prng.c
Examining data/stormlib-9.22/src/libtomcrypt/src/misc/zeromem.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_bit_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_boolean.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_choice.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_ia5_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_integer.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_object_identifier.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_octet_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_printable_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_sequence_ex.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_sequence_flexi.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_sequence_multi.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_short_integer.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_utctime.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_utf8_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_bit_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_boolean.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_ia5_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_integer.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_object_identifier.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_octet_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_printable_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_sequence_ex.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_sequence_multi.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_set.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_setof.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_short_integer.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_utctime.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_utf8_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_bit_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_boolean.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_ia5_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_integer.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_object_identifier.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_octet_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_printable_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_sequence.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_short_integer.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_utctime.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_utf8_string.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_sequence_free.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_map.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_points.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_exptmod.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_free.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_import.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_make_key.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_sign_hash.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_verify_hash.c
Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_verify_simple.c
Examining data/stormlib-9.22/src/libtommath/bn_fast_mp_invmod.c
Examining data/stormlib-9.22/src/libtommath/bn_fast_mp_montgomery_reduce.c
Examining data/stormlib-9.22/src/libtommath/bn_fast_s_mp_mul_digs.c
Examining data/stormlib-9.22/src/libtommath/bn_fast_s_mp_mul_high_digs.c
Examining data/stormlib-9.22/src/libtommath/bn_fast_s_mp_sqr.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_2expt.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_abs.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_add.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_add_d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_addmod.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_and.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_clamp.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_clear.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_clear_multi.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_cmp.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_cmp_d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_cmp_mag.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_cnt_lsb.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_copy.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_count_bits.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_div.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_div_2.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_div_2d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_div_3.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_div_d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_dr_is_modulus.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_dr_reduce.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_dr_setup.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_exch.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_expt_d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_exptmod.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_exptmod_fast.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_exteuclid.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_fread.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_fwrite.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_gcd.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_get_int.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_grow.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_init.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_init_copy.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_init_multi.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_init_set.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_init_set_int.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_init_size.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_invmod.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_invmod_slow.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_is_square.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_jacobi.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_karatsuba_mul.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_karatsuba_sqr.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_lcm.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_lshd.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mod.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mod_2d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mod_d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_montgomery_calc_normalization.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_montgomery_reduce.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_montgomery_setup.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mul.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mul_2.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mul_2d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mul_d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_mulmod.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_n_root.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_neg.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_or.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_fermat.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_is_divisible.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_is_prime.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_miller_rabin.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_next_prime.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_rabin_miller_trials.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_random_ex.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_radix_size.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_radix_smap.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_rand.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_read_radix.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_read_signed_bin.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_read_unsigned_bin.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k_l.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k_setup.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k_setup_l.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_is_2k.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_is_2k_l.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_setup.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_rshd.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_set.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_set_int.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_shrink.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_signed_bin_size.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_sqr.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_sqrmod.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_sqrt.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_sub.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_sub_d.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_submod.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_to_signed_bin.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_to_signed_bin_n.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_to_unsigned_bin.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_to_unsigned_bin_n.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_toom_mul.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_toom_sqr.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_toradix.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_toradix_n.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_unsigned_bin_size.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_xor.c
Examining data/stormlib-9.22/src/libtommath/bn_mp_zero.c
Examining data/stormlib-9.22/src/libtommath/bn_prime_tab.c
Examining data/stormlib-9.22/src/libtommath/bn_reverse.c
Examining data/stormlib-9.22/src/libtommath/bn_s_mp_add.c
Examining data/stormlib-9.22/src/libtommath/bn_s_mp_exptmod.c
Examining data/stormlib-9.22/src/libtommath/bn_s_mp_mul_digs.c
Examining data/stormlib-9.22/src/libtommath/bn_s_mp_mul_high_digs.c
Examining data/stormlib-9.22/src/libtommath/bn_s_mp_sqr.c
Examining data/stormlib-9.22/src/libtommath/bn_s_mp_sub.c
Examining data/stormlib-9.22/src/libtommath/bncore.c
Examining data/stormlib-9.22/src/libtommath/tommath.h
Examining data/stormlib-9.22/src/libtommath/tommath_class.h
Examining data/stormlib-9.22/src/libtommath/tommath_superclass.h
Examining data/stormlib-9.22/src/lzma/C/LzFind.c
Examining data/stormlib-9.22/src/lzma/C/LzFind.h
Examining data/stormlib-9.22/src/lzma/C/LzFindMt.c
Examining data/stormlib-9.22/src/lzma/C/LzFindMt.h
Examining data/stormlib-9.22/src/lzma/C/LzHash.h
Examining data/stormlib-9.22/src/lzma/C/LzmaDec.c
Examining data/stormlib-9.22/src/lzma/C/LzmaDec.h
Examining data/stormlib-9.22/src/lzma/C/LzmaEnc.c
Examining data/stormlib-9.22/src/lzma/C/LzmaEnc.h
Examining data/stormlib-9.22/src/lzma/C/Threads.c
Examining data/stormlib-9.22/src/lzma/C/Threads.h
Examining data/stormlib-9.22/src/lzma/C/Types.h
Examining data/stormlib-9.22/src/pklib/crc32.c
Examining data/stormlib-9.22/src/pklib/explode.c
Examining data/stormlib-9.22/src/pklib/implode.c
Examining data/stormlib-9.22/src/pklib/pklib.h
Examining data/stormlib-9.22/src/sparse/sparse.cpp
Examining data/stormlib-9.22/src/sparse/sparse.h
Examining data/stormlib-9.22/src/zlib/adler32.c
Examining data/stormlib-9.22/src/zlib/compress.c
Examining data/stormlib-9.22/src/zlib/compress_zlib.c
Examining data/stormlib-9.22/src/zlib/crc32.c
Examining data/stormlib-9.22/src/zlib/crc32.h
Examining data/stormlib-9.22/src/zlib/deflate.c
Examining data/stormlib-9.22/src/zlib/deflate.h
Examining data/stormlib-9.22/src/zlib/inffast.c
Examining data/stormlib-9.22/src/zlib/inffast.h
Examining data/stormlib-9.22/src/zlib/inffixed.h
Examining data/stormlib-9.22/src/zlib/inflate.c
Examining data/stormlib-9.22/src/zlib/inflate.h
Examining data/stormlib-9.22/src/zlib/inftrees.c
Examining data/stormlib-9.22/src/zlib/inftrees.h
Examining data/stormlib-9.22/src/zlib/trees.c
Examining data/stormlib-9.22/src/zlib/trees.h
Examining data/stormlib-9.22/src/zlib/zconf.h
Examining data/stormlib-9.22/src/zlib/zlib.h
Examining data/stormlib-9.22/src/zlib/zutil.c
Examining data/stormlib-9.22/src/zlib/zutil.h
Examining data/stormlib-9.22/storm_dll/storm_dll.cpp
Examining data/stormlib-9.22/storm_dll/storm_dll.h
Examining data/stormlib-9.22/storm_dll/storm_test.cpp
Examining data/stormlib-9.22/stormlib_dll/DllMain.c
Examining data/stormlib-9.22/test/StormTest.cpp
Examining data/stormlib-9.22/test/TLogHelper.cpp
FINAL RESULTS:
data/stormlib-9.22/src/FileStream.cpp:2253:13: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(szNameBuff, _T("%s.%u"), pStream->szFileName, nSuffix);
data/stormlib-9.22/src/SBaseFileTable.cpp:1894:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pFileEntry->szFileName, szFileName);
data/stormlib-9.22/src/SFileFindFile.cpp:412:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hs->szSearchMask, szMask);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:40:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pFileEntry->szFileName, pSrcFileEntry->szFileName);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:943:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szPseudoName, "File%08u.%s", (unsigned int)(pFileEntry - hf->ha->pFileTable), data2ext[i].szExt);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:950:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szFileName, szPseudoName);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:981:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szFileName, pFileEntry->szFileName);
data/stormlib-9.22/src/SFileOpenFileEx.cpp:64:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szBuffer + pPrefix->nLength, szFileName);
data/stormlib-9.22/src/SFilePatchArchives.cpp:739:5: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szHelperFile, FileStream_GetFileName(haBase->pStream));
data/stormlib-9.22/src/SFilePatchArchives.cpp:796:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szPatchFileName, pFileEntry->szFileName);
data/stormlib-9.22/src/SFilePatchArchives.cpp:798:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szPlainName, pBaseEntry->szFileName);
data/stormlib-9.22/src/StormPort.h:177:11: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy strcpy
data/stormlib-9.22/src/StormPort.h:177:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define _tcscpy strcpy
data/stormlib-9.22/src/StormPort.h:178:11: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat strcat
data/stormlib-9.22/src/StormPort.h:178:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define _tcscat strcat
data/stormlib-9.22/src/StormPort.h:183:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _tprintf printf
data/stormlib-9.22/src/StormPort.h:184:11: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf sprintf
data/stormlib-9.22/src/StormPort.h:184:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf sprintf
data/stormlib-9.22/src/bzip2/bzlib.c:1418:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(mode2, writing ? "w" : "r" );
data/stormlib-9.22/src/bzip2/bzlib_private.h:65:7: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf ( stderr, \
data/stormlib-9.22/src/bzip2/bzlib_private.h:74:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf)
data/stormlib-9.22/src/bzip2/bzlib_private.h:76:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1)
data/stormlib-9.22/src/bzip2/bzlib_private.h:78:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2)
data/stormlib-9.22/src/bzip2/bzlib_private.h:80:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2,za3)
data/stormlib-9.22/src/bzip2/bzlib_private.h:82:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2,za3,za4)
data/stormlib-9.22/src/bzip2/bzlib_private.h:84:4: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(stderr,zf,za1,za2,za3,za4,za5)
data/stormlib-9.22/src/zlib/zutil.h:201:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/stormlib-9.22/src/zlib/zutil.h:203:18: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
# define vsnprintf _vsnprintf
data/stormlib-9.22/src/zlib/zutil.h:250:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:251:39: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:252:40: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:253:48: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:254:49: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/stormlib-9.22/test/StormTest.cpp:361:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szBuffer, szExtraString);
data/stormlib-9.22/test/StormTest.cpp:364:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szBuffer, szFileName);
data/stormlib-9.22/test/StormTest.cpp:518:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szBuffer, szFullPath1);
data/stormlib-9.22/test/StormTest.cpp:708:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(szSearchMask, _T("%s\\*"), szDirectory);
data/stormlib-9.22/test/StormTest.cpp:759:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szDirEntry, directory_entry->d_name);
data/stormlib-9.22/test/StormTest.cpp:803:17: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szPlainName, szDirEntry);
data/stormlib-9.22/test/StormTest.cpp:872:25: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szPlainName1, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:873:25: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szPlainName2, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:881:25: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szPlainName1, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:882:25: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szPlainName2, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:1059:9: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szBuffer, szFullPath);
data/stormlib-9.22/test/StormTest.cpp:1330:9: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(szMirrorPath, _T("%s*%s"), szCopyPath, szMasterPath);
data/stormlib-9.22/test/StormTest.cpp:1708:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szMostPatched, sf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:4138:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(szArchivedName, szFileMask, i);
data/stormlib-9.22/test/StormTest.cpp:4152:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(szArchivedName, szFileMask, i);
data/stormlib-9.22/test/StormTest.cpp:4235:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(szArchivedName, szFileMask, i + 1);
data/stormlib-9.22/test/TLogHelper.cpp:194:15: [4] (format) _vstprintf:
Potential format string problem (CWE-134). Make format string constant.
nLength = _vstprintf(szMessage, szFormatBuff, argList);
data/stormlib-9.22/test/TLogHelper.cpp:301:15: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
nLength = vsprintf(szMessage, szFormatBuff, argList);
data/stormlib-9.22/test/TLogHelper.cpp:377:13: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szBuffer, szStringFormat);
data/stormlib-9.22/test/TLogHelper.cpp:385:13: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(szBuffer, szUint64Format);
data/stormlib-9.22/test/TLogHelper.cpp:407:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szBuffer, szStringFormat);
data/stormlib-9.22/test/TLogHelper.cpp:415:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szBuffer, szUint64Format);
data/stormlib-9.22/src/lzma/C/Threads.c:77:5: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(p);
data/stormlib-9.22/src/lzma/C/Threads.h:52:34: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
#define CriticalSection_Enter(p) EnterCriticalSection(p)
data/stormlib-9.22/src/FileStream.cpp:96:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = open(pStream->szFileName, O_RDWR | O_CREAT | O_TRUNC | O_LARGEFILE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH);
data/stormlib-9.22/src/FileStream.cpp:148:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = open(szFileName, oflag | O_LARGEFILE);
data/stormlib-9.22/src/FileStream.cpp:497:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
handle = open(szFileName, O_RDONLY);
data/stormlib-9.22/src/FileStream.cpp:545:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvBuffer, pStream->Base.Map.pbFile + (size_t)ByteOffset, dwBytesToRead);
data/stormlib-9.22/src/FileStream.cpp:630:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szServerName[MAX_PATH];
data/stormlib-9.22/src/FileStream.cpp:719:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szRangeRequest[0x80];
data/stormlib-9.22/src/FileStream.cpp:730:13: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(szRangeRequest, _T("Range: bytes=%u-%u"), (unsigned int)dwStartOffset, (unsigned int)dwEndOffset);
data/stormlib-9.22/src/FileStream.cpp:937:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvBuffer, TransferBuffer + BlockBufferOffset, dwBytesToRead);
data/stormlib-9.22/src/FileStream.cpp:1039:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->szFileName, szFileName, FileNameSize);
data/stormlib-9.22/src/FileStream.cpp:1668:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(PartHeader.GameBuildNumber, "%u", (unsigned int)pStream->BuildNumber);
data/stormlib-9.22/src/FileStream.cpp:1887:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbKeyBuffer, szKeyTemplate, MPQE_CHUNK_SIZE);
data/stormlib-9.22/src/FileStream.cpp:1912:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(KeyMirror, pbKey, MPQE_CHUNK_SIZE);
data/stormlib-9.22/src/FileStream.cpp:2028:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(FileHeader, EncryptedHeader, MPQE_CHUNK_SIZE);
data/stormlib-9.22/src/FileStream.cpp:2194:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pStream->Base, BaseArray + i, sizeof(TBaseProviderData));
data/stormlib-9.22/src/FileStream.cpp:2268:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NewBaseArray, pStream->FileBitmap, sizeof(TBaseProviderData) * dwBaseFiles);
data/stormlib-9.22/src/FileStream.cpp:2273:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NewBaseArray + dwBaseFiles, &pStream->Base, sizeof(TBaseProviderData));
data/stormlib-9.22/src/FileStream.h:92:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GameBuildNumber[0x20]; // Minimum build number of the game that can use this MPQ
data/stormlib-9.22/src/SBaseCommon.cpp:31:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char AsciiToLowerTable[256] =
data/stormlib-9.22/src/SBaseCommon.cpp:53:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char AsciiToUpperTable[256] =
data/stormlib-9.22/src/SBaseCommon.cpp:75:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char AsciiToUpperTable_Slash[256] =
data/stormlib-9.22/src/SBaseCommon.cpp:107:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szTarget, szSource, cchSource);
data/stormlib-9.22/src/SBaseCommon.cpp:166:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szTarget, szSource, cchSource * sizeof(TCHAR));
data/stormlib-9.22/src/SBaseCommon.cpp:347:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNameBuff[0x108];
data/stormlib-9.22/src/SBaseFileTable.cpp:873:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pHashTable, ha->pHashTable, HashTableSize);
data/stormlib-9.22/src/SBaseFileTable.cpp:1245:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pHetTable->pNameHashes, pbSrcData, dwTotalCount);
data/stormlib-9.22/src/SBaseFileTable.cpp:1248:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pHetTable->pBetIndexes->Elements, pbSrcData + dwTotalCount, pHetTable->pBetIndexes->NumberOfBytes);
data/stormlib-9.22/src/SBaseFileTable.cpp:1370:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pHetHeader, &HetHeader, sizeof(TMPQHetHeader));
data/stormlib-9.22/src/SBaseFileTable.cpp:1374:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbTrgData, pHetTable->pNameHashes, pHetTable->dwTotalCount);
data/stormlib-9.22/src/SBaseFileTable.cpp:1378:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbTrgData, pHetTable->pBetIndexes->Elements, HetHeader.dwIndexTableSize);
data/stormlib-9.22/src/SBaseFileTable.cpp:1627:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBetTable->pFileFlags, pbSrcData, LengthInBytes);
data/stormlib-9.22/src/SBaseFileTable.cpp:1641:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBetTable->pFileTable->Elements, pbSrcData, LengthInBytes);
data/stormlib-9.22/src/SBaseFileTable.cpp:1655:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBetTable->pNameHashes->Elements, pbSrcData, LengthInBytes);
data/stormlib-9.22/src/SBaseFileTable.cpp:1692:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBetHeader, &BetHeader, sizeof(TMPQBetHeader));
data/stormlib-9.22/src/SBaseFileTable.cpp:1737:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbTrgData, FlagArray, LengthInBytes);
data/stormlib-9.22/src/SBaseFileTable.cpp:1743:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbTrgData, pBitArray->Elements, LengthInBytes);
data/stormlib-9.22/src/SBaseFileTable.cpp:1770:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbTrgData, pBitArray->Elements, LengthInBytes);
data/stormlib-9.22/src/SBaseFileTable.cpp:2917:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&SaveMpqHeader, pHeader, pHeader->dwHeaderSize);
data/stormlib-9.22/src/SBaseSubTypes.cpp:145:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ha->HeaderData, &Header, sizeof(TMPQHeader));
data/stormlib-9.22/src/SBaseSubTypes.cpp:347:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char MpkDecryptionKey[512] =
data/stormlib-9.22/src/SBaseSubTypes.cpp:427:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ha->HeaderData, &Header, sizeof(TMPQHeader));
data/stormlib-9.22/src/SCompression.cpp:206:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, pInfo->pbInBuff, nToRead);
data/stormlib-9.22/src/SCompression.cpp:230:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pInfo->pbOutBuff, buf, nToWrite);
data/stormlib-9.22/src/SCompression.cpp:485:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvOutBuffer, encodedProps, encodedPropsSize);
data/stormlib-9.22/src/SCompression.cpp:695:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvOutBuffer, pvInBuffer, cbInBuffer);
data/stormlib-9.22/src/SCompression.cpp:728:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvOutBuffer, pvInBuffer, cbInBuffer);
data/stormlib-9.22/src/SCompression.cpp:772:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char CompressByte[0x10]; // CompressByte for each method in the CompressFuncArray array
data/stormlib-9.22/src/SCompression.cpp:862:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutput + nAtLeastOneCompressionDone, pbInput, cbInLength);
data/stormlib-9.22/src/SCompression.cpp:885:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvOutBuffer, pvInBuffer, cbInBuffer);
data/stormlib-9.22/src/SCompression.cpp:939:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvOutBuffer, pvInBuffer, cbInBuffer);
data/stormlib-9.22/src/SCompression.cpp:1039:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvOutBuffer, pvInBuffer, cbInBuffer);
data/stormlib-9.22/src/SFileAddFile.cpp:163:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf->pbFileSector + dwBytesInSector, pbFileData, dwBytesToCopy);
data/stormlib-9.22/src/SFileAddFile.cpp:332:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SectorOffsetsCopy, hf->SectorOffsets, dwSectorOffsLen);
data/stormlib-9.22/src/SFileAddFile.cpp:676:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf->pPatchInfo->md5, hf->pFileEntry->md5, MD5_DIGEST_SIZE);
data/stormlib-9.22/src/SFileAttributes.cpp:217:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ha->pFileTable[i].md5, ArrayMd5, MD5_DIGEST_SIZE);
data/stormlib-9.22/src/SFileAttributes.cpp:314:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbArrayMD5, pFileEntry->md5, MD5_DIGEST_SIZE);
data/stormlib-9.22/src/SFileCompactArchive.cpp:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DataBuffer[0x1000];
data/stormlib-9.22/src/SFileCompactArchive.cpp:199:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SectorOffsetsCopy, hf->SectorOffsets, dwSectorOffsLen);
data/stormlib-9.22/src/SFileCompactArchive.cpp:533:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szTempFile[MAX_PATH+1] = _T("");
data/stormlib-9.22/src/SFileCompactArchive.cpp:612:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&SaveMpqHeader, ha->pHeader, ha->pHeader->dwHeaderSize);
data/stormlib-9.22/src/SFileExtractFile.cpp:39:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szBuffer[0x1000];
data/stormlib-9.22/src/SFileFindFile.cpp:26:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szSearchMask[1]; // Search mask (variable length)
data/stormlib-9.22/src/SFileFindFile.cpp:180:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileName[MAX_PATH+1];
data/stormlib-9.22/src/SFileFindFile.cpp:220:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNameBuff[MAX_PATH];
data/stormlib-9.22/src/SFileFindFile.cpp:243:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szNameBuff, "File%08u.xxx", (unsigned int)dwBlockIndex);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:33:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pFileEntry, pSrcFileEntry, sizeof(TFileEntry));
data/stormlib-9.22/src/SFileGetFileInfo.cpp:114:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szFileInfo, szFileName, nLength * sizeof(TCHAR));
data/stormlib-9.22/src/SFileGetFileInfo.cpp:810:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvFileInfo, pvSrcFileInfo, cbSrcFileInfo);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:940:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPseudoName[20] = "";
data/stormlib-9.22/src/SFileListFile.cpp:113:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pCache->szWildCard, szWildCard, cchWildCard);
data/stormlib-9.22/src/SFileListFile.cpp:587:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(lpFindFileData->cFileName, szFileName, nLength);
data/stormlib-9.22/src/SFileOpenArchive.cpp:287:29: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ha->pUserData, pUserData, sizeof(TMPQUserData));
data/stormlib-9.22/src/SFileOpenFileEx.cpp:63:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, pPrefix->szPatchPrefix, pPrefix->nLength);
data/stormlib-9.22/src/SFileOpenFileEx.cpp:75:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFileNameT[MAX_PATH];
data/stormlib-9.22/src/SFileOpenFileEx.cpp:111:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNameBuffer[MAX_PATH];
data/stormlib-9.22/src/SFilePatchArchives.cpp:215:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbTarget, pbSource, pPatcher->cbFileData);
data/stormlib-9.22/src/SFilePatchArchives.cpp:277:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength);
data/stormlib-9.22/src/SFilePatchArchives.cpp:298:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength);
data/stormlib-9.22/src/SFilePatchArchives.cpp:336:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pFullPatch, &PatchHeader, sizeof(MPQ_PATCH_HEADER));
data/stormlib-9.22/src/SFilePatchArchives.cpp:404:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPatcher->this_md5, pFullPatch->md5_after_patch, MD5_DIGEST_SIZE);
data/stormlib-9.22/src/SFilePatchArchives.cpp:429:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pNewPrefix->szPatchPrefix, szFileName, nLength);
data/stormlib-9.22/src/SFilePatchArchives.cpp:445:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szTempName[MAX_SC2_PATCH_PREFIX + 0x41];
data/stormlib-9.22/src/SFilePatchArchives.cpp:453:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szTempName, szPatchPrefix, nLength);
data/stormlib-9.22/src/SFilePatchArchives.cpp:454:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&szTempName[nLength], "\\(patch_metadata)", 18);
data/stormlib-9.22/src/SFilePatchArchives.cpp:509:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileName[0x40];
data/stormlib-9.22/src/SFilePatchArchives.cpp:518:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szFileName, pMpqInfo->szNameTemplate, pMpqInfo->nLength);
data/stormlib-9.22/src/SFilePatchArchives.cpp:525:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szFileName + pMpqInfo->nLength, "-md5.lst", 9);
data/stormlib-9.22/src/SFilePatchArchives.cpp:547:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNamePrefix[0x08];
data/stormlib-9.22/src/SFilePatchArchives.cpp:585:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPatchPrefix[MAX_SC2_PATCH_PREFIX+0x41];
data/stormlib-9.22/src/SFilePatchArchives.cpp:679:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileData[MAX_PATH+1];
data/stormlib-9.22/src/SFilePatchArchives.cpp:714:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szPatchPrefix, szLinePtr, nLength);
data/stormlib-9.22/src/SFilePatchArchives.cpp:733:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szHelperFile[MAX_PATH+1];
data/stormlib-9.22/src/SFilePatchArchives.cpp:734:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPatchPrefix[MAX_SC2_PATCH_PREFIX+0x41];
data/stormlib-9.22/src/SFilePatchArchives.cpp:742:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szHelperFile, _T("-PATCH"));
data/stormlib-9.22/src/SFilePatchArchives.cpp:951:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pPatcher->this_md5, hf->pFileEntry->md5, MD5_DIGEST_SIZE);
data/stormlib-9.22/src/SFileReadFile.cpp:195:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutSector, pbInSector, dwBytesInThisSector);
data/stormlib-9.22/src/SFileReadFile.cpp:316:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf->pbFileSector, pbRawData, hf->dwDataSize);
data/stormlib-9.22/src/SFileReadFile.cpp:343:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvBuffer, hf->pbFileSector + dwFilePos, dwToRead);
data/stormlib-9.22/src/SFileReadFile.cpp:413:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hf->pbFileSector, pbRawData, hf->dwDataSize);
data/stormlib-9.22/src/SFileReadFile.cpp:440:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvBuffer, hf->pbFileSector + dwFilePos, dwToRead);
data/stormlib-9.22/src/SFileReadFile.cpp:514:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbBuffer, hf->pbFileSector + dwBufferOffs, dwToCopy);
data/stormlib-9.22/src/SFileReadFile.cpp:562:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbBuffer, hf->pbFileSector, dwToCopy);
data/stormlib-9.22/src/SFileReadFile.cpp:616:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pvBuffer, hf->pbFileData + dwFilePos, dwToRead);
data/stormlib-9.22/src/SFileVerify.cpp:118:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char decoded_key[0x200];
data/stormlib-9.22/src/SFileVerify.cpp:160:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMapHeader[0x200];
data/stormlib-9.22/src/SFileVerify.cpp:264:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char szUpperCase[0x200];
data/stormlib-9.22/src/SFileVerify.cpp:289:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPlainName[MAX_PATH];
data/stormlib-9.22/src/SFileVerify.cpp:330:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sha1_state_temp, &sha1_state, sizeof(hash_state));
data/stormlib-9.22/src/SFileVerify.cpp:333:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sha1_state_temp, &sha1_state, sizeof(hash_state));
data/stormlib-9.22/src/SFileVerify.cpp:338:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&sha1_state_temp, &sha1_state, sizeof(hash_state));
data/stormlib-9.22/src/SFileVerify.cpp:458:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(RevSignature, &pSI->Signature[8], MPQ_WEAK_SIGNATURE_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:495:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char reversed_signature[MPQ_STRONG_SIGNATURE_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:496:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Sha1Digest_tail0[SHA1_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:497:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Sha1Digest_tail1[SHA1_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:498:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Sha1Digest_tail2[SHA1_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:499:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char padded_digest[MPQ_STRONG_SIGNATURE_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:508:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(reversed_signature, &pSI->Signature[4], MPQ_STRONG_SIGNATURE_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:517:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padded_digest + digest_offset, Sha1Digest_tail0, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:524:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padded_digest + digest_offset, Sha1Digest_tail1, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:531:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padded_digest + digest_offset, Sha1Digest_tail2, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:538:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padded_digest + digest_offset, Sha1Digest_tail0, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:545:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(padded_digest + digest_offset, Sha1Digest_tail0, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:563:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char md5[MD5_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:717:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMD5, md5, MD5_DIGEST_SIZE);
data/stormlib-9.22/src/StormCommon.h:130:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char AsciiToLowerTable[256];
data/stormlib-9.22/src/StormCommon.h:131:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern unsigned char AsciiToUpperTable[256];
data/stormlib-9.22/src/StormLib.h:610:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MD5_BlockTable[MD5_DIGEST_SIZE]; // MD5 of the block table before decryption
data/stormlib-9.22/src/StormLib.h:611:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MD5_HashTable[MD5_DIGEST_SIZE]; // MD5 of the hash table before decryption
data/stormlib-9.22/src/StormLib.h:612:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MD5_HiBlockTable[MD5_DIGEST_SIZE]; // MD5 of the hi-block table
data/stormlib-9.22/src/StormLib.h:613:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MD5_BetTable[MD5_DIGEST_SIZE]; // MD5 of the BET table before decryption
data/stormlib-9.22/src/StormLib.h:614:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MD5_HetTable[MD5_DIGEST_SIZE]; // MD5 of the HET table before decryption
data/stormlib-9.22/src/StormLib.h:615:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char MD5_MpqHeader[MD5_DIGEST_SIZE]; // MD5 of the MPQ header from signature to (including) MD5_HetTable
data/stormlib-9.22/src/StormLib.h:800:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPatchPrefix[1]; // Patch name prefix (variable length). If not empty, it always starts with backslash.
data/stormlib-9.22/src/StormLib.h:891:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hctx[HASH_STATE_SIZE]; // Hash state for MD5. Used when saving file to MPQ
data/stormlib-9.22/src/StormLib.h:904:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cFileName[MAX_PATH]; // Full name of the found file
data/stormlib-9.22/src/adpcm/adpcm_old.cpp:29:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[2];
data/stormlib-9.22/src/bzip2/bzlib.c:1391:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unused[BZ_MAX_UNUSED];
data/stormlib-9.22/src/bzip2/bzlib.c:1394:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mode2[10] = "";
data/stormlib-9.22/src/bzip2/bzlib.c:1426:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path,mode2);
data/stormlib-9.22/src/huffman/huff.cpp:225:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char * WeightTables[0x09] =
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:58:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char Worder[64] = {
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:65:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char Rorder[64] = {
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:320:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[16];
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:347:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[16];
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:352:34: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c:252:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hash[20];
data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c:267:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char tmp[20];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:28:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char K[33][16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:68:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char S[32], start;
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:81:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:82:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:114:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char key[10];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:222:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:240:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:254:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:276:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ctr[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:292:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[16],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:305:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char PC[16][256][16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:320:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char IV[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_custom.h:55:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#ifdef memcpy
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_custom.h:58:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define XMEMCPY memcpy
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:6:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[128];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:22:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:30:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:38:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:46:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:52:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char chksum[16], X[48], buf[16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:60:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:68:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:76:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:84:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:92:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:100:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:360:12: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:32:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char block[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:59:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:106:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char N[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:142:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char L[MAXBLOCKSIZE], /* L value */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:236:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char H[16], /* multiplier */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:251:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char PC[16][256][16] /* 16 tables of 8x128 */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:297:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char state[16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:318:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char K[3][MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:350:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char akey[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:5:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pool[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:14:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[256];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:24:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char K[32], /* the current key */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:51:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[1];
data/stormlib-9.22/src/libtomcrypt/src/misc/base64_decode.c:21:23: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char map[256] = {
data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_utctime.c:52:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[32];
data/stormlib-9.22/src/libtommath/bn_mp_is_square.c:19:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char rem_128[128] = {
data/stormlib-9.22/src/libtommath/bn_mp_is_square.c:30:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char rem_105[105] = {
data/stormlib-9.22/src/lzma/C/LzmaDec.c:781:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->tempBuf, src, inSize);
data/stormlib-9.22/src/lzma/C/LzmaDec.c:869:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, p->dic + dicPos, outSizeCur);
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:350:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:351:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:354:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:355:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:356:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:357:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:358:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:359:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:360:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:361:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:362:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:376:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:377:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:380:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:381:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:382:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:383:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:384:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:385:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:386:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:387:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:388:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:2101:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->data, data, size);
data/stormlib-9.22/src/pklib/implode.c:742:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
pWork->nChBits[nCount] = (unsigned char )(ChBitsAsc[nCount] + 1);
data/stormlib-9.22/src/pklib/implode.c:765:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWork->dist_codes, DistCode, sizeof(DistCode));
data/stormlib-9.22/src/pklib/implode.c:766:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pWork->dist_bits, DistBits, sizeof(DistBits));
data/stormlib-9.22/src/pklib/pklib.h:54:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dist_bits[0x40]; // 001C: Distance bits
data/stormlib-9.22/src/pklib/pklib.h:55:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dist_codes[0x40]; // 005C: Distance codes
data/stormlib-9.22/src/pklib/pklib.h:56:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char nChBits[0x306]; // 009C: Table of literal bit lengths to be put to the output stream
data/stormlib-9.22/src/pklib/pklib.h:68:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char out_buff[0x802]; // 1FCA: Compressed data
data/stormlib-9.22/src/pklib/pklib.h:69:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char work_buff[0x2204]; // 27CC: Work buffer
data/stormlib-9.22/src/pklib/pklib.h:95:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char out_buff[0x2204]; // 0030: Output circle buffer.
data/stormlib-9.22/src/pklib/pklib.h:99:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char in_buff[0x800]; // 2234: Buffer for data to be decompressed
data/stormlib-9.22/src/pklib/pklib.h:100:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char DistPosCodes[0x100]; // 2A34: Table of distance position codes
data/stormlib-9.22/src/pklib/pklib.h:101:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char LengthCodes[0x100]; // 2B34: Table of length codes
data/stormlib-9.22/src/pklib/pklib.h:102:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char offs2C34[0x100]; // 2C34: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:103:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char offs2D34[0x100]; // 2D34: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:104:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char offs2E34[0x80]; // 2EB4: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:105:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char offs2EB4[0x100]; // 2EB4: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:106:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ChBitsAsc[0x100]; // 2FB4: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:107:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char DistBits[0x40]; // 30B4: Numbers of bytes to skip copied block length
data/stormlib-9.22/src/pklib/pklib.h:108:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char LenBits[0x10]; // 30F4: Numbers of bits for skip copied block length
data/stormlib-9.22/src/pklib/pklib.h:109:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char ExLenBits[0x10]; // 3104: Number of valid bits for copied block
data/stormlib-9.22/src/sparse/sparse.cpp:90:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, 0x80);
data/stormlib-9.22/src/sparse/sparse.cpp:110:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, 1);
data/stormlib-9.22/src/sparse/sparse.cpp:127:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, NumberOfNonZeros);
data/stormlib-9.22/src/sparse/sparse.cpp:198:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, NumberOfNonZeros);
data/stormlib-9.22/src/sparse/sparse.cpp:266:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, cbChunkSize);
data/stormlib-9.22/src/zlib/crc32.c:163:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
out = fopen("crc32.h", "w");
data/stormlib-9.22/src/zlib/inflate.c:607:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hbuf[4]; /* buffer for gzip header crc calculation */
data/stormlib-9.22/src/zlib/inflate.c:1350:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[4]; /* to restore bit buffer to byte string */
data/stormlib-9.22/src/zlib/trees.c:335:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *header = fopen("trees.h", "w");
data/stormlib-9.22/src/zlib/zutil.c:14:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * const z_errmsg[10] = {
data/stormlib-9.22/src/zlib/zutil.h:43:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/stormlib-9.22/src/zlib/zutil.h:101:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/stormlib-9.22/src/zlib/zutil.h:175:30: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
# define F_OPEN(name, mode) fopen((name), (mode))
data/stormlib-9.22/src/zlib/zutil.h:234:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define zmemcpy memcpy
data/stormlib-9.22/test/StormTest.cpp:276:8: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR szMpqDirectory[MAX_PATH+1];
data/stormlib-9.22/test/StormTest.cpp:328:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szHexaDigit[4];
data/stormlib-9.22/test/StormTest.cpp:355:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(szBuffer, szFileName, nLength);
data/stormlib-9.22/test/StormTest.cpp:619:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPathT[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:629:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sha1_digest[SHA1_DIGEST_SIZE];
data/stormlib-9.22/test/StormTest.cpp:705:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szSearchMask[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:729:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szDirEntryT[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:730:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDirEntryA[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:784:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szDirEntry[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:832:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szWorkBuff[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:848:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szSource, _T("\\*"));
data/stormlib-9.22/test/StormTest.cpp:850:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szTarget, _T("\\*"));
data/stormlib-9.22/test/StormTest.cpp:898:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szSource[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:899:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szTarget[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:911:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:964:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szPatchChain[0x400];
data/stormlib-9.22/test/StormTest.cpp:1042:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1149:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)pbDataBuffer, "This is a test data written to a file.");
data/stormlib-9.22/test/StormTest.cpp:1239:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFileName1[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1240:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFileName2[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1316:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szCopyPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1668:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szListFile[MAX_PATH] = _T("");
data/stormlib-9.22/test/StormTest.cpp:1669:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMostPatched[MAX_PATH] = "";
data/stormlib-9.22/test/StormTest.cpp:1755:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMpqName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1756:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1780:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMpqName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1781:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1821:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMpqName[MAX_PATH+1];
data/stormlib-9.22/test/StormTest.cpp:1822:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1893:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szPatchName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1907:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1944:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2029:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFileName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2198:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileName1[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2199:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileName2[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2200:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileLine[0x40];
data/stormlib-9.22/test/StormTest.cpp:2231:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2270:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMirrorPath[MAX_PATH + MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2271:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMasterPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2342:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2561:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szListFileBuff[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2640:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMpqName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2641:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2685:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szListFileBuff[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2736:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMpqName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2737:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2757:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2821:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2945:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMirrorPath[MAX_PATH + MAX_PATH]; // Combined name
data/stormlib-9.22/test/StormTest.cpp:2946:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMasterPath[MAX_PATH]; // Original (server) name
data/stormlib-9.22/test/StormTest.cpp:3150:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3226:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szShaFileName[MAX_PATH+1];
data/stormlib-9.22/test/StormTest.cpp:3227:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szSha1Text[0x40];
data/stormlib-9.22/test/StormTest.cpp:3228:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szSha1TextA[0x40];
data/stormlib-9.22/test/StormTest.cpp:3242:5: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(szExtension, _T(".sha"));
data/stormlib-9.22/test/StormTest.cpp:3507:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3698:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3724:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szFileName, "AddedFile%03u.txt", i);
data/stormlib-9.22/test/StormTest.cpp:3816:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3844:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szFileName, "AddFile_%04u.txt", i);
data/stormlib-9.22/test/StormTest.cpp:3906:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFileName1[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3907:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFileName2[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3908:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3911:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szArchivedName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:3934:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szArchivedName, "FileTest_%02u.exe", (unsigned int)i);
data/stormlib-9.22/test/StormTest.cpp:4064:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFileName[MAX_PATH]; // Source file to be added
data/stormlib-9.22/test/StormTest.cpp:4065:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szArchivedName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:4083:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szArchivedName, "WaveFile_%02u.wav", i + 1);
data/stormlib-9.22/test/StormTest.cpp:4124:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szArchivedName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:4216:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szLocalFileName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:4217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szArchivedName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:4271:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szLocalFileName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:4272:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szArchivedName[MAX_PATH];
data/stormlib-9.22/test/TLogHelper.cpp:80:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMainTitleT[0x80];
data/stormlib-9.22/test/TLogHelper.cpp:113:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szSaveMainTitle[0x80];
data/stormlib-9.22/test/TLogHelper.cpp:155:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szFormatBuff[0x200];
data/stormlib-9.22/test/TLogHelper.cpp:156:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR szMessage[0x200];
data/stormlib-9.22/test/TLogHelper.cpp:188:19: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nLength = _stprintf(szBuffer, _T(" (error code: %u)"), nError);
data/stormlib-9.22/test/TLogHelper.cpp:262:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFormatBuff[0x200];
data/stormlib-9.22/test/TLogHelper.cpp:263:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMessage[0x200];
data/stormlib-9.22/test/TLogHelper.cpp:295:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
nLength = sprintf(szBuffer, " (error code: %u)", nError);
data/stormlib-9.22/src/FileStream.cpp:225:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes_read = read((intptr_t)pStream->Base.File.hFile, pvBuffer, (size_t)dwBytesToRead);
data/stormlib-9.22/src/FileStream.cpp:2230:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nNameLength = _tcslen(pStream->szFileName);
data/stormlib-9.22/src/SBaseCommon.cpp:102:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cchSource = strlen(szSource);
data/stormlib-9.22/src/SBaseCommon.cpp:115:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cchTarget = strlen(szTarget);
data/stormlib-9.22/src/SBaseCommon.cpp:133:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cchSource = strlen(szSource);
data/stormlib-9.22/src/SBaseCommon.cpp:147:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cchSource = _tcslen(szSource);
data/stormlib-9.22/src/SBaseCommon.cpp:161:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cchSource = _tcslen(szSource);
data/stormlib-9.22/src/SBaseCommon.cpp:174:24: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t cchTarget = _tcslen(szTarget);
data/stormlib-9.22/src/SBaseFileTable.cpp:1892:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pFileEntry->szFileName = STORM_ALLOC(char, strlen(szFileName) + 1);
data/stormlib-9.22/src/SFileFindFile.cpp:403:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nSize = sizeof(TMPQSearch) + strlen(szMask) + 1;
data/stormlib-9.22/src/SFileGetFileInfo.cpp:89:27: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cchCharsNeeded += _tcslen(FileStream_GetFileName(hfTemp->ha->pStream)) + 1;
data/stormlib-9.22/src/SFileGetFileInfo.cpp:111:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nLength = _tcslen(szFileName) + 1;
data/stormlib-9.22/src/SFileGetFileInfo.cpp:160:41: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbSrcFileInfo = (DWORD)(_tcslen((TCHAR *)pvSrcFileInfo) + 1) * sizeof(TCHAR);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:624:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbSrcFileInfo += (DWORD)strlen(pFileEntry->szFileName) + 1;
data/stormlib-9.22/src/SFileListFile.cpp:99:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cchWildCard = strlen(szWildCard) + 1;
data/stormlib-9.22/src/SFileListFile.cpp:341:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbListFile += strlen(SortTable[0]) + 2;
data/stormlib-9.22/src/SFileListFile.cpp:349:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cbListFile += strlen(SortTable[nIndex1]) + 2;
data/stormlib-9.22/src/SFilePatchArchives.cpp:420:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nLength = strlen(szFileName);
data/stormlib-9.22/src/SFilePatchArchives.cpp:616:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const TCHAR * szPathEnd = szPathBegin + _tcslen(szPathBegin);
data/stormlib-9.22/src/SFilePatchArchives.cpp:740:8: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(_tcslen(szHelperFile) + 6 > MAX_PATH)
data/stormlib-9.22/src/SFileVerify.cpp:125:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szBase64Begin = szKeyBase64 + strlen("-----BEGIN PUBLIC KEY-----");
data/stormlib-9.22/src/SFileVerify.cpp:126:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szBase64End = szBase64Begin + strlen(szBase64Begin) - strlen("-----END PUBLIC KEY-----");
data/stormlib-9.22/src/SFileVerify.cpp:126:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szBase64End = szBase64Begin + strlen(szBase64Begin) - strlen("-----END PUBLIC KEY-----");
data/stormlib-9.22/src/StormPort.h:176:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/stormlib-9.22/src/StormPort.h:176:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/stormlib-9.22/src/bzip2/bzlib.c:909:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Int32 c = fgetc ( f );
data/stormlib-9.22/src/bzip2/bzlib.c:1419:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mode2,"b"); /* binary mode */
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:352:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c:272:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg));
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:95:21: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng);
data/stormlib-9.22/src/libtomcrypt/src/math/rand_prime.c:53:34: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (prng_descriptor[wprng].read(buf, len, prng) != (unsigned long)len) {
data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c:88:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (prng_descriptor[prng_idx].read(salt, saltlen, prng) != saltlen) {
data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c:77:35: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (prng_descriptor[prng_idx].read(ps, ps_len, prng) != ps_len) {
data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c:85:39: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (prng_descriptor[prng_idx].read(&ps[i], 1, prng) != 1) {
data/stormlib-9.22/src/libtommath/bn_mp_fread.c:27:9: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(stream);
data/stormlib-9.22/src/libtommath/bn_mp_fread.c:30:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(stream);
data/stormlib-9.22/src/libtommath/bn_mp_fread.c:54:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(stream);
data/stormlib-9.22/test/StormTest.cpp:351:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szExtension = szFileName + strlen(szFileName);
data/stormlib-9.22/test/StormTest.cpp:577:43: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(szSubDir != NULL && (nLength = _tcslen(szSubDir)) != 0)
data/stormlib-9.22/test/StormTest.cpp:590:42: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(szNamePart1 != NULL && (nLength = _tcslen(szNamePart1)) != 0)
data/stormlib-9.22/test/StormTest.cpp:603:42: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(szNamePart2 != NULL && (nLength = _tcslen(szNamePart2)) != 0)
data/stormlib-9.22/test/StormTest.cpp:795:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nLength = _tcslen(szDirectory);
data/stormlib-9.22/test/StormTest.cpp:929:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cchMpqDirectory = _tcslen(szMpqDirectory);
data/stormlib-9.22/test/StormTest.cpp:995:45: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szPatchName = szPatchName + _tcslen(szPatchName) + 1;
data/stormlib-9.22/test/StormTest.cpp:1989:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwFileSize = (DWORD)strlen(szFileData);
data/stormlib-9.22/test/StormTest.cpp:3334:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DWORD dwFileSize = (DWORD)strlen(szFileData);
data/stormlib-9.22/test/TLogHelper.cpp:379:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return szBuffer + _tcslen(szStringFormat);
data/stormlib-9.22/test/TLogHelper.cpp:387:31: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return szBuffer + _tcslen(szUint64Format);
data/stormlib-9.22/test/TLogHelper.cpp:409:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return szBuffer + strlen(szStringFormat);
data/stormlib-9.22/test/TLogHelper.cpp:417:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return szBuffer + strlen(szUint64Format);
ANALYSIS SUMMARY:
Hits = 438
Lines analyzed = 75564 in approximately 1.87 seconds (40333 lines/second)
Physical Source Lines of Code (SLOC) = 48054
Hits@level = [0] 139 [1] 50 [2] 331 [3] 2 [4] 55 [5] 0
Hits@level+ = [0+] 577 [1+] 438 [2+] 388 [3+] 57 [4+] 55 [5+] 0
Hits/KSLOC@level+ = [0+] 12.0073 [1+] 9.11475 [2+] 8.07425 [3+] 1.18617 [4+] 1.14455 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.