Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tenmado-0.10/chain.c
Examining data/tenmado-0.10/chain.h
Examining data/tenmado-0.10/const.h
Examining data/tenmado-0.10/esc-ok.c
Examining data/tenmado-0.10/esc-ok.h
Examining data/tenmado-0.10/hit-status.c
Examining data/tenmado-0.10/hit-status.h
Examining data/tenmado-0.10/loop.c
Examining data/tenmado-0.10/loop.h
Examining data/tenmado-0.10/main.c
Examining data/tenmado-0.10/option.c
Examining data/tenmado-0.10/option.h
Examining data/tenmado-0.10/pause.c
Examining data/tenmado-0.10/pause.h
Examining data/tenmado-0.10/score.c
Examining data/tenmado-0.10/score.h
Examining data/tenmado-0.10/ship.c
Examining data/tenmado-0.10/ship.h
Examining data/tenmado-0.10/stage.c
Examining data/tenmado-0.10/stage.h
Examining data/tenmado-0.10/util.c
Examining data/tenmado-0.10/util.h
Examining data/tenmado-0.10/happy-L/balloon.c
Examining data/tenmado-0.10/happy-L/balloon.h
Examining data/tenmado-0.10/happy-L/close-system.c
Examining data/tenmado-0.10/happy-L/close-system.h
Examining data/tenmado-0.10/happy-L/disconnection.c
Examining data/tenmado-0.10/happy-L/disconnection.h
Examining data/tenmado-0.10/happy-L/ending.c
Examining data/tenmado-0.10/happy-L/ending.h
Examining data/tenmado-0.10/happy-L/explosion.c
Examining data/tenmado-0.10/happy-L/explosion.h
Examining data/tenmado-0.10/happy-L/fud.c
Examining data/tenmado-0.10/happy-L/fud.h
Examining data/tenmado-0.10/happy-L/high-score.c
Examining data/tenmado-0.10/happy-L/high-score.h
Examining data/tenmado-0.10/happy-L/image.c
Examining data/tenmado-0.10/happy-L/image.h
Examining data/tenmado-0.10/happy-L/intuition.c
Examining data/tenmado-0.10/happy-L/intuition.h
Examining data/tenmado-0.10/happy-L/laser.c
Examining data/tenmado-0.10/happy-L/laser.h
Examining data/tenmado-0.10/happy-L/last-boss.c
Examining data/tenmado-0.10/happy-L/last-boss.h
Examining data/tenmado-0.10/happy-L/message.c
Examining data/tenmado-0.10/happy-L/message.h
Examining data/tenmado-0.10/happy-L/midnight.c
Examining data/tenmado-0.10/happy-L/midnight.h
Examining data/tenmado-0.10/happy-L/normal-enemy.c
Examining data/tenmado-0.10/happy-L/normal-enemy.h
Examining data/tenmado-0.10/happy-L/normal-shot.c
Examining data/tenmado-0.10/happy-L/normal-shot.h
Examining data/tenmado-0.10/happy-L/overrun.c
Examining data/tenmado-0.10/happy-L/overrun.h
Examining data/tenmado-0.10/happy-L/player-shot.c
Examining data/tenmado-0.10/happy-L/player-shot.h
Examining data/tenmado-0.10/happy-L/player.c
Examining data/tenmado-0.10/happy-L/player.h
Examining data/tenmado-0.10/happy-L/result.c
Examining data/tenmado-0.10/happy-L/result.h
Examining data/tenmado-0.10/happy-L/rotate-laser.c
Examining data/tenmado-0.10/happy-L/rotate-laser.h
Examining data/tenmado-0.10/happy-L/scheduler.c
Examining data/tenmado-0.10/happy-L/scheduler.h
Examining data/tenmado-0.10/happy-L/solution.c
Examining data/tenmado-0.10/happy-L/solution.h
Examining data/tenmado-0.10/happy-L/stage-1.c
Examining data/tenmado-0.10/happy-L/stage-1.h
Examining data/tenmado-0.10/happy-L/stage-2.c
Examining data/tenmado-0.10/happy-L/stage-2.h
Examining data/tenmado-0.10/happy-L/stage-3.c
Examining data/tenmado-0.10/happy-L/stage-3.h
Examining data/tenmado-0.10/happy-L/stage-4.c
Examining data/tenmado-0.10/happy-L/stage-4.h
Examining data/tenmado-0.10/happy-L/stage-5.c
Examining data/tenmado-0.10/happy-L/stage-5.h
Examining data/tenmado-0.10/happy-L/stage-clear.c
Examining data/tenmado-0.10/happy-L/stage-clear.h
Examining data/tenmado-0.10/happy-L/title.c
Examining data/tenmado-0.10/happy-L/title.h
Examining data/tenmado-0.10/happy-L/tutorial.c
Examining data/tenmado-0.10/happy-L/tutorial.h
Examining data/tenmado-0.10/happy-L/wall.c
Examining data/tenmado-0.10/happy-L/wall.h
Examining data/tenmado-0.10/libbac/bac_lexical.c
Examining data/tenmado-0.10/libbac/bac_parser.c
Examining data/tenmado-0.10/libbac/bac_parser.h
Examining data/tenmado-0.10/libbac/bac_array.c
Examining data/tenmado-0.10/libbac/bac_array.h
Examining data/tenmado-0.10/libbac/bac_dump.c
Examining data/tenmado-0.10/libbac/bac_dump.h
Examining data/tenmado-0.10/libbac/bac_entry.c
Examining data/tenmado-0.10/libbac/bac_entry.h
Examining data/tenmado-0.10/libbac/bac_entry_to_string.c
Examining data/tenmado-0.10/libbac/bac_entry_to_string.h
Examining data/tenmado-0.10/libbac/bac_lexical.h
Examining data/tenmado-0.10/libbac/bac_load.c
Examining data/tenmado-0.10/libbac/bac_load.h
Examining data/tenmado-0.10/libbac/bac_parser_public.h
Examining data/tenmado-0.10/libbac/bac_save.c
Examining data/tenmado-0.10/libbac/bac_save.h
Examining data/tenmado-0.10/libbac/bac_string_to_array.c
Examining data/tenmado-0.10/libbac/bac_string_to_array.h
Examining data/tenmado-0.10/libbac/bac_truncate.c
Examining data/tenmado-0.10/libbac/bac_truncate.h
Examining data/tenmado-0.10/libtenm/tenm_collision.c
Examining data/tenmado-0.10/libtenm/tenm_collision.h
Examining data/tenmado-0.10/libtenm/tenm_graphic.c
Examining data/tenmado-0.10/libtenm/tenm_graphic.h
Examining data/tenmado-0.10/libtenm/tenm_input.c
Examining data/tenmado-0.10/libtenm/tenm_input.h
Examining data/tenmado-0.10/libtenm/tenm_math.c
Examining data/tenmado-0.10/libtenm/tenm_math.h
Examining data/tenmado-0.10/libtenm/tenm_object.c
Examining data/tenmado-0.10/libtenm/tenm_object.h
Examining data/tenmado-0.10/libtenm/tenm_primitive.c
Examining data/tenmado-0.10/libtenm/tenm_primitive.h
Examining data/tenmado-0.10/libtenm/tenm_sdl_init.c
Examining data/tenmado-0.10/libtenm/tenm_sdl_init.h
Examining data/tenmado-0.10/libtenm/tenm_table.c
Examining data/tenmado-0.10/libtenm/tenm_table.h
Examining data/tenmado-0.10/libtenm/tenm_timer.c
Examining data/tenmado-0.10/libtenm/tenm_timer.h
FINAL RESULTS:
data/tenmado-0.10/happy-L/high-score.c:689:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(temp, DEFAULT_DIR);
data/tenmado-0.10/libbac/bac_entry_to_string.c:133:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(temp + length_used,
data/tenmado-0.10/libbac/bac_parser.c:722:21: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define YYFPRINTF fprintf
data/tenmado-0.10/main.c:88:3: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand((unsigned int) time(NULL));
data/tenmado-0.10/chain.c:215:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/tenmado-0.10/chain.c:221:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "chain %3d", chain);
data/tenmado-0.10/happy-L/ending.c:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/tenmado-0.10/happy-L/ending.c:38:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "ship bonus: %8d", get_ship() * 30000);
data/tenmado-0.10/happy-L/high-score.c:241:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[40];
data/tenmado-0.10/happy-L/high-score.c:357:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "tenmado high score (version %.9s)", VERSION);
data/tenmado-0.10/happy-L/high-score.c:364:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "total score");
data/tenmado-0.10/happy-L/high-score.c:366:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "final stage");
data/tenmado-0.10/happy-L/high-score.c:368:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "stage %d", stage);
data/tenmado-0.10/happy-L/high-score.c:370:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "stage ?");
data/tenmado-0.10/happy-L/high-score.c:406:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "%3d %8d ", i + rank + 1,
data/tenmado-0.10/happy-L/high-score.c:411:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string),
data/tenmado-0.10/happy-L/high-score.c:414:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string),
data/tenmado-0.10/happy-L/high-score.c:418:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string),
data/tenmado-0.10/happy-L/high-score.c:593:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_default, "r");
data/tenmado-0.10/happy-L/high-score.c:654:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "score-total.db3");
data/tenmado-0.10/happy-L/high-score.c:656:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "score-stage-%d.db3", stage);
data/tenmado-0.10/happy-L/high-score.c:659:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "score-total.txt");
data/tenmado-0.10/happy-L/high-score.c:661:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "score-stage-%d.txt", stage);
data/tenmado-0.10/happy-L/high-score.c:693:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + strlen(temp),
data/tenmado-0.10/happy-L/high-score.c:696:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + strlen(temp),
data/tenmado-0.10/happy-L/result.c:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/tenmado-0.10/happy-L/result.c:88:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "version %.20s", VERSION);
data/tenmado-0.10/happy-L/result.c:96:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "player: %-12.12s",
data/tenmado-0.10/happy-L/result.c:99:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "player: (uid %5d)",
data/tenmado-0.10/happy-L/result.c:107:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "total score: %8d", get_score());
data/tenmado-0.10/happy-L/result.c:119:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "stage %1d: %8d", i, get_stage_score(i));
data/tenmado-0.10/happy-L/result.c:129:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "final stage: %8d", get_stage_score(5));
data/tenmado-0.10/happy-L/result.c:141:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "ship bonus: %8d", get_stage_score(6));
data/tenmado-0.10/happy-L/result.c:217:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[8];
data/tenmado-0.10/happy-L/result.c:233:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "(#%3d)", i + 1);
data/tenmado-0.10/happy-L/stage-clear.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/tenmado-0.10/happy-L/stage-clear.c:95:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "stage %d cleared", my->count[1]);
data/tenmado-0.10/happy-L/stage-clear.c:100:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "final stage cleared");
data/tenmado-0.10/happy-L/stage-clear.c:111:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "stage score: %8d", get_stage_score(my->count[1]));
data/tenmado-0.10/happy-L/title.c:38:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/tenmado-0.10/happy-L/title.c:145:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "version %.20s", VERSION);
data/tenmado-0.10/hit-status.c:12:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hit_status[64];
data/tenmado-0.10/hit-status.c:24:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hit_status, "%4d/%4d %.50s", remaining, hit_point, name);
data/tenmado-0.10/libbac/bac_entry.c:172:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + length_used, "\\x%x", p[i]);
data/tenmado-0.10/libbac/bac_entry_to_string.c:114:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "Entry-Version\t%d\n"
data/tenmado-0.10/libbac/bac_entry_to_string.c:145:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + length_used,
data/tenmado-0.10/libbac/bac_entry_to_string.c:162:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp + length_used,
data/tenmado-0.10/libbac/bac_load.c:90:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status = dbenvp->open(dbenvp, dir,
data/tenmado-0.10/libbac/bac_load.c:106:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status = dbp->open(dbp, file, NULL, DB_RECNO,
data/tenmado-0.10/libbac/bac_load.c:296:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_abs, "r");
data/tenmado-0.10/libbac/bac_parser.c:1019:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char const *yyarg[YYERROR_VERBOSE_ARGS_MAXIMUM];
data/tenmado-0.10/libbac/bac_parser.c:1036:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yyformat[sizeof yyunexpected
data/tenmado-0.10/libbac/bac_parser.c:1204:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yymsgbuf[128];
data/tenmado-0.10/libbac/bac_save.c:75:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status = dbenvp->open(dbenvp, dir,
data/tenmado-0.10/libbac/bac_save.c:91:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status = dbp->open(dbp, file, NULL, DB_RECNO,
data/tenmado-0.10/libbac/bac_save.c:194:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(file_abs, "a");
data/tenmado-0.10/libbac/bac_truncate.c:83:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status = dbenvp->open(dbenvp, dir,
data/tenmado-0.10/libbac/bac_truncate.c:100:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
status = dbp->open(dbp, file, NULL, DB_RECNO,
data/tenmado-0.10/score.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[32];
data/tenmado-0.10/score.c:82:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "score %8d", score);
data/tenmado-0.10/ship.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temp[16];
data/tenmado-0.10/ship.c:46:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "ship %3d", ship);
data/tenmado-0.10/chain.c:222:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(WINDOW_WIDTH - 90, 10, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/ending.c:41:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen(temp))) < 0)
data/tenmado-0.10/happy-L/high-score.c:359:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(30, 30, string, (int) strlen(string)) != 0)
data/tenmado-0.10/happy-L/high-score.c:372:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(180, 60, string, (int) strlen(string)) != 0)
data/tenmado-0.10/happy-L/high-score.c:411:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string),
data/tenmado-0.10/happy-L/high-score.c:414:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string),
data/tenmado-0.10/happy-L/high-score.c:418:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string),
data/tenmado-0.10/happy-L/high-score.c:422:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(30, 120 + 30 * i, string, (int) strlen(string)) != 0)
data/tenmado-0.10/happy-L/high-score.c:681:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(DEFAULT_DIR) + 20;
data/tenmado-0.10/happy-L/high-score.c:693:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(temp + strlen(temp),
data/tenmado-0.10/happy-L/high-score.c:696:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(temp + strlen(temp),
data/tenmado-0.10/happy-L/result.c:89:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(100, 120, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/result.c:102:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(100, 180, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/result.c:108:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(100, 210, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/result.c:120:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(100, y, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/result.c:130:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(100, 390, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/result.c:142:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(100, 420, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/result.c:235:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(300, y, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/stage-clear.c:104:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(x, 240, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/stage-clear.c:112:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(150, 270, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/title.c:146:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(80, 120, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/happy-L/title.c:168:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(180, 300 + 30 * i, string, (int) strlen(string)) != 0)
data/tenmado-0.10/happy-L/title.c:176:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(int) strlen(COPYRIGHT_STRING)) != 0)
data/tenmado-0.10/hit-status.c:35:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(10, 10, hit_status, (int) strlen(hit_status)) != 0)
data/tenmado-0.10/libbac/bac_entry.c:136:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(p);
data/tenmado-0.10/libbac/bac_entry.c:162:67: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sizeof(char) * (length_allocated + strlen("\\")
data/tenmado-0.10/libbac/bac_entry.c:171:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_allocated += strlen("\\") + CHAR_BIT * sizeof(char);
data/tenmado-0.10/libbac/bac_entry.c:175:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_used = strlen(temp);
data/tenmado-0.10/libbac/bac_entry_to_string.c:70:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Entry-Version") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:70:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Entry-Version") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:70:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Entry-Version") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:73:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Stage-Data-Version") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:73:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Stage-Data-Version") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:73:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Stage-Data-Version") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:76:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("When") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:76:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("When") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:76:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("When") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:79:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Uid") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:79:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Uid") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:79:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Uid") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:85:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("User-Name") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:85:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("User-Name") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:85:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("User-Name") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:86:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen(((bac_entry_ver_0 *) entry)->user_name);
data/tenmado-0.10/libbac/bac_entry_to_string.c:89:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Score-Sort") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:89:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Score-Sort") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:89:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Score-Sort") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:92:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Score-Total") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:92:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Score-Total") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:92:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Score-Total") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:95:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Number-Stage") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:95:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Number-Stage") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:95:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("Number-Stage") + strlen("\t") + strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:98:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += (strlen("Score-Stage") + strlen("\t") * 2 + strlen("\n"))
data/tenmado-0.10/libbac/bac_entry_to_string.c:98:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += (strlen("Score-Stage") + strlen("\t") * 2 + strlen("\n"))
data/tenmado-0.10/libbac/bac_entry_to_string.c:98:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += (strlen("Score-Stage") + strlen("\t") * 2 + strlen("\n"))
data/tenmado-0.10/libbac/bac_entry_to_string.c:103:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length += strlen("\n");
data/tenmado-0.10/libbac/bac_entry_to_string.c:124:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_used = strlen(temp);
data/tenmado-0.10/libbac/bac_entry_to_string.c:137:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_used = strlen(temp);
data/tenmado-0.10/libbac/bac_entry_to_string.c:155:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_used = strlen(temp);
data/tenmado-0.10/libbac/bac_entry_to_string.c:168:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length_used = strlen(temp);
data/tenmado-0.10/libbac/bac_lexical.c:1329:14: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
(c = getc( bac_in )) != EOF && c != '\n'; ++n ) \
data/tenmado-0.10/libbac/bac_lexical.c:1584:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bac_lval.val_string = (char *) malloc(sizeof (char) * (strlen(bac_text) + 1));
data/tenmado-0.10/libbac/bac_lexical.c:1590:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(bac_lval.val_string, bac_text, strlen(bac_text));
data/tenmado-0.10/libbac/bac_lexical.c:1590:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(bac_lval.val_string, bac_text, strlen(bac_text));
data/tenmado-0.10/libbac/bac_lexical.c:1591:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bac_lval.val_string[strlen(bac_text)] = '\0';
data/tenmado-0.10/libbac/bac_lexical.c:2328:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return bac__scan_bytes(yystr,strlen(yystr) );
data/tenmado-0.10/libbac/bac_load.c:254:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dir) + strlen(file) + 1;
data/tenmado-0.10/libbac/bac_load.c:254:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dir) + strlen(file) + 1;
data/tenmado-0.10/libbac/bac_load.c:261:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_abs, dir, length);
data/tenmado-0.10/libbac/bac_load.c:263:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_load.c:263:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_load.c:263:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_parser.c:900:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define yystrlen strlen
data/tenmado-0.10/libbac/bac_save.c:116:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data.size = sizeof(char) * (strlen(data.data) + 1);
data/tenmado-0.10/libbac/bac_save.c:173:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dir) + strlen(file) + 1;
data/tenmado-0.10/libbac/bac_save.c:173:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dir) + strlen(file) + 1;
data/tenmado-0.10/libbac/bac_save.c:180:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_abs, dir, length);
data/tenmado-0.10/libbac/bac_save.c:182:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_save.c:182:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_save.c:182:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_truncate.c:229:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dir) + strlen(file) + 1;
data/tenmado-0.10/libbac/bac_truncate.c:229:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(dir) + strlen(file) + 1;
data/tenmado-0.10/libbac/bac_truncate.c:236:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_abs, dir, length);
data/tenmado-0.10/libbac/bac_truncate.c:238:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_truncate.c:238:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libbac/bac_truncate.c:238:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(file_abs + strlen(file_abs), file, length - strlen(file_abs));
data/tenmado-0.10/libtenm/tenm_object.c:94:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp->name = (char *) malloc(sizeof(char) * (strlen(name) + 1));
data/tenmado-0.10/libtenm/tenm_object.c:101:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp->name, name, strlen(name));
data/tenmado-0.10/libtenm/tenm_object.c:101:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(temp->name, name, strlen(name));
data/tenmado-0.10/libtenm/tenm_object.c:102:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp->name[strlen(name)] = '\0';
data/tenmado-0.10/score.c:83:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (draw_string(10, WINDOW_HEIGHT - 10, temp, (int) strlen(temp)) != 0)
data/tenmado-0.10/ship.c:48:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp, (int) strlen(temp)) != 0)
ANALYSIS SUMMARY:
Hits = 155
Lines analyzed = 32589 in approximately 0.82 seconds (39602 lines/second)
Physical Source Lines of Code (SLOC) = 26035
Hits@level = [0] 969 [1] 93 [2] 58 [3] 1 [4] 3 [5] 0
Hits@level+ = [0+] 1124 [1+] 155 [2+] 62 [3+] 4 [4+] 3 [5+] 0
Hits/KSLOC@level+ = [0+] 43.1727 [1+] 5.95352 [2+] 2.38141 [3+] 0.153639 [4+] 0.115229 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.