Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/unmass-0.9/kdev/src/unmassc.cpp
Examining data/unmass-0.9/kdev/src/utools.h
Examining data/unmass-0.9/kdev/src/massfs.h
Examining data/unmass-0.9/kdev/src/ma_wtn.h
Examining data/unmass-0.9/kdev/src/ma_wad2.h
Examining data/unmass-0.9/kdev/src/ma_vol.h
Examining data/unmass-0.9/kdev/src/ma_vf1bi.h
Examining data/unmass-0.9/kdev/src/ma_umod.h
Examining data/unmass-0.9/kdev/src/ma_swine.h
Examining data/unmass-0.9/kdev/src/ma_roll.h
Examining data/unmass-0.9/kdev/src/ma_pbo.h
Examining data/unmass-0.9/kdev/src/ma_pak.h
Examining data/unmass-0.9/kdev/src/ma_oni_d.h
Examining data/unmass-0.9/kdev/src/ma_moor3.h
Examining data/unmass-0.9/kdev/src/ma_mgs.h
Examining data/unmass-0.9/kdev/src/ma_mgmwb.h
Examining data/unmass-0.9/kdev/src/ma_mgmnl.h
Examining data/unmass-0.9/kdev/src/ma_mea.h
Examining data/unmass-0.9/kdev/src/ma_lgp.h
Examining data/unmass-0.9/kdev/src/ma_lbx.h
Examining data/unmass-0.9/kdev/src/ma_jpga.h
Examining data/unmass-0.9/kdev/src/ma_ipwad.h
Examining data/unmass-0.9/kdev/src/ma_gunme.h
Examining data/unmass-0.9/kdev/src/ma_grp.h
Examining data/unmass-0.9/kdev/src/ma_fpk.h
Examining data/unmass-0.9/kdev/src/ma_ff8.h
Examining data/unmass-0.9/kdev/src/ma_eth2.h
Examining data/unmass-0.9/kdev/src/ma_ecou.h
Examining data/unmass-0.9/kdev/src/ma_dune2.h
Examining data/unmass-0.9/kdev/src/ma_crism.h
Examining data/unmass-0.9/kdev/src/ma_bif.h
Examining data/unmass-0.9/kdev/src/ma.h
Examining data/unmass-0.9/kdev/src/utools.cpp
Examining data/unmass-0.9/kdev/src/massfs.cpp
Examining data/unmass-0.9/kdev/src/ma_wtn.cpp
Examining data/unmass-0.9/kdev/src/ma_wad2.cpp
Examining data/unmass-0.9/kdev/src/ma_vol.cpp
Examining data/unmass-0.9/kdev/src/ma_vf1bi.cpp
Examining data/unmass-0.9/kdev/src/ma_umod.cpp
Examining data/unmass-0.9/kdev/src/ma_swine.cpp
Examining data/unmass-0.9/kdev/src/ma_roll.cpp
Examining data/unmass-0.9/kdev/src/ma_pbo.cpp
Examining data/unmass-0.9/kdev/src/ma_pak.cpp
Examining data/unmass-0.9/kdev/src/ma_oni_d.cpp
Examining data/unmass-0.9/kdev/src/ma_moor3.cpp
Examining data/unmass-0.9/kdev/src/ma_mgs.cpp
Examining data/unmass-0.9/kdev/src/ma_mgmwb.cpp
Examining data/unmass-0.9/kdev/src/ma_mgmnl.cpp
Examining data/unmass-0.9/kdev/src/ma_mea.cpp
Examining data/unmass-0.9/kdev/src/ma_lgp.cpp
Examining data/unmass-0.9/kdev/src/ma_lbx.cpp
Examining data/unmass-0.9/kdev/src/ma_jpga.cpp
Examining data/unmass-0.9/kdev/src/ma_ipwad.cpp
Examining data/unmass-0.9/kdev/src/ma_gunme.cpp
Examining data/unmass-0.9/kdev/src/ma_grp.cpp
Examining data/unmass-0.9/kdev/src/ma_fpk.cpp
Examining data/unmass-0.9/kdev/src/ma_ff8.cpp
Examining data/unmass-0.9/kdev/src/ma_eth2.cpp
Examining data/unmass-0.9/kdev/src/ma_ecou.cpp
Examining data/unmass-0.9/kdev/src/ma_dune2.cpp
Examining data/unmass-0.9/kdev/src/ma_crism.cpp
Examining data/unmass-0.9/kdev/src/ma_bif.cpp
Examining data/unmass-0.9/kdev/src/ma.cpp
Examining data/unmass-0.9/kdev/charchtype.h
Examining data/unmass-0.9/kdev/charchtype.cpp
Examining data/unmass-0.9/vc6/unmassaboutdlg.cpp
Examining data/unmass-0.9/vc6/unmassaboutdlg.h
Examining data/unmass-0.9/vc6/unmasswdlg.cpp
Examining data/unmass-0.9/vc6/stdafx.cpp
Examining data/unmass-0.9/vc6/wndsize.h
Examining data/unmass-0.9/vc6/wndsize.cpp
Examining data/unmass-0.9/vc6/resource.h
Examining data/unmass-0.9/vc6/stdafx.h
Examining data/unmass-0.9/vc6/unmasswdlg.h
Examining data/unmass-0.9/vc6/unmassw.h
Examining data/unmass-0.9/vc6/unmassw.cpp
FINAL RESULTS:
data/unmass-0.9/kdev/src/ma_bif.cpp:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( FileRec.name, "file%04lu.%s", next_rec_num - 1, ext );
data/unmass-0.9/kdev/src/ma_ff8.cpp:28:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( str, "%s%s", MassFilePath, MassFileName );
data/unmass-0.9/kdev/src/ma_ff8.cpp:31:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( fsName, str );
data/unmass-0.9/kdev/src/ma_ff8.cpp:40:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( flName, str );
data/unmass-0.9/kdev/src/ma_mea.cpp:91:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( FileRec.name, "%s.exe", MassFileName );
data/unmass-0.9/kdev/src/ma_mgmnl.cpp:110:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( FileRec.name, buf );
data/unmass-0.9/kdev/src/ma_mgmwb.cpp:110:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat( FileRec.name, buf );
data/unmass-0.9/kdev/src/ma_oni_d.cpp:31:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( RawFileName, "%s%s.raw", MassFilePath, MassFileName );
data/unmass-0.9/kdev/src/ma_oni_d.cpp:139:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( FileRec.name, "%05lu-%s", num, str );
data/unmass-0.9/kdev/src/ma_oni_d.cpp:154:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( FileRec.name, "%05lu-.%s", num, FileRec.type );
data/unmass-0.9/kdev/src/ma_roll.cpp:29:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( ImgFileName, "%s%s", MassFilePath, MassFileName );
data/unmass-0.9/kdev/src/massfs.cpp:309:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( str, "Creating [%s] ...", newname );
data/unmass-0.9/kdev/src/massfs.cpp:313:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( error, "Error creating [%s].", newname );
data/unmass-0.9/kdev/src/massfs.cpp:350:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( str, "Extracted [%s]", newname );
data/unmass-0.9/kdev/src/massfs.cpp:381:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( str, "Creating dir [%s]", path );
data/unmass-0.9/kdev/src/utools.cpp:59:2: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf( format, argptr );
data/unmass-0.9/vc6/unmasswdlg.cpp:97:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( TempDir, ProgramPath );
data/unmass-0.9/vc6/unmasswdlg.cpp:121:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( OpenDir, OutputDir );
data/unmass-0.9/vc6/unmasswdlg.cpp:243:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( mass.FileRec.name, "%s\\%s",
data/unmass-0.9/vc6/unmasswdlg.cpp:309:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( str, "%s\\*.*", TempDir );
data/unmass-0.9/vc6/unmasswdlg.cpp:315:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( str, "%s\\%s", TempDir, find.name );
data/unmass-0.9/vc6/unmasswdlg.cpp:393:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( name, FileInfo[ InListPos[ j ] ].FileRec.name );
data/unmass-0.9/vc6/unmasswdlg.cpp:407:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( type, FileInfo[ InListPos[ j ] ].FileRec.type );
data/unmass-0.9/vc6/unmasswdlg.cpp:605:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf( mass.FileRec.name, "%s\\%s",
data/unmass-0.9/vc6/unmasswdlg.cpp:616:16: [4] (shell) ShellExecute:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
res = (int) ShellExecute( NULL, "open", mass.FileRec.name, NULL, NULL, SW_SHOW );
data/unmass-0.9/kdev/src/ma.cpp:78:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
massf = fopen( filename, "rb" );
data/unmass-0.9/kdev/src/ma.cpp:253:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
massf = fopen( MassFileNameFull, "r+b" );
data/unmass-0.9/kdev/src/ma.cpp:258:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
massf = fopen( MassFileNameFull, "rb" );
data/unmass-0.9/kdev/src/ma.h:186:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ FileNameWithPathMaxLen ]; // file name
data/unmass-0.9/kdev/src/ma.h:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[ TypeMaxLen ];
data/unmass-0.9/kdev/src/ma.h:208:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MassFileNameFull[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma.h:209:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MassFileName [ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma.h:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MassFileExt [ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma.h:211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MassFilePath [ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma.h:238:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[ error_string_maxlen + 1 ];
data/unmass-0.9/kdev/src/ma_bif.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_bif.cpp:94:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy( ext, "bmp" );
data/unmass-0.9/kdev/src/ma_bif.h:25:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ 10 ];
data/unmass-0.9/kdev/src/ma_bif.h:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ext[ 5 ];
data/unmass-0.9/kdev/src/ma_crism.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 4 ];
data/unmass-0.9/kdev/src/ma_crism.h:16:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_dune2.h:20:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ dune2NameLen ];
data/unmass-0.9/kdev/src/ma_ecou.cpp:23:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_ecou.cpp:35:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char count[ 9 ];
data/unmass-0.9/kdev/src/ma_ecou.cpp:49:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
files_count = atol( count );
data/unmass-0.9/kdev/src/ma_ecou.cpp:100:18: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
EcouRec.size = atol( EcouRec.size_c );
data/unmass-0.9/kdev/src/ma_ecou.h:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_ecou.h:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char size_c[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_eth2.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_ff8.cpp:19:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_ff8.cpp:32:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( fsName, ".fs" );
data/unmass-0.9/kdev/src/ma_ff8.cpp:34:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen( fsName, "rb" );
data/unmass-0.9/kdev/src/ma_ff8.cpp:41:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( flName, ".fl" );
data/unmass-0.9/kdev/src/ma_ff8.cpp:43:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fl = fopen( flName, "rb" );
data/unmass-0.9/kdev/src/ma_ff8.cpp:76:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fl = fopen( flName, "rb" );
data/unmass-0.9/kdev/src/ma_ff8.cpp:102:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, str[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_ff8.cpp:280:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ FF8bufferSize * 3 ];
data/unmass-0.9/kdev/src/ma_ff8.cpp:287:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char control, ch, ctrlcnt, cha[2];
data/unmass-0.9/kdev/src/ma_ff8.cpp:290:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fs = fopen( fsName, "rb" );
data/unmass-0.9/kdev/src/ma_ff8.cpp:366:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &buf[ outpos ], &buf[ src ], sz );
data/unmass-0.9/kdev/src/ma_ff8.cpp:375:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &buf[ 0 ], &buf[ FF8bufferSize ], FF8bufferSize );
data/unmass-0.9/kdev/src/ma_ff8.cpp:376:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &buf[ FF8bufferSize ], &buf[ 2*FF8bufferSize ], FF8bufferSize );
data/unmass-0.9/kdev/src/ma_ff8.h:26:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fsName[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_ff8.h:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flName[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_fpk.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_fpk.h:29:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_fpk.h:30:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u1[ 2 ], u3[ 30 ], u2[ 6 ];
data/unmass-0.9/kdev/src/ma_grp.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_grp.cpp:89:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( FileRec.name, grpRec.name, 12 );
data/unmass-0.9/kdev/src/ma_grp.h:19:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ grpNameLen ];
data/unmass-0.9/kdev/src/ma_gunme.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 4 ];
data/unmass-0.9/kdev/src/ma_gunme.cpp:100:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ 4 ];
data/unmass-0.9/kdev/src/ma_gunme.cpp:106:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( FileRec.name, "File %i", (int) num );
data/unmass-0.9/kdev/src/ma_gunme.cpp:109:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( FileRec.name, ".wav" );
data/unmass-0.9/kdev/src/ma_gunme.cpp:111:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( FileRec.name, ".dxt" );
data/unmass-0.9/kdev/src/ma_gunme.cpp:113:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( FileRec.name, ".scr" );
data/unmass-0.9/kdev/src/ma_gunme.cpp:115:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( FileRec.name, ".tri" );
data/unmass-0.9/kdev/src/ma_ipwad.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_ipwad.cpp:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( FileRec.name, ipwadRec.name, 8 );
data/unmass-0.9/kdev/src/ma_ipwad.h:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ ipwadNameLen ];
data/unmass-0.9/kdev/src/ma_jpga.cpp:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( FileRec.name, lbxRec.name, lbxNameLen );
data/unmass-0.9/kdev/src/ma_lbx.cpp:86:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( FileRec.name, lbxRec.name, lbxNameLen );
data/unmass-0.9/kdev/src/ma_lbx.h:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ lbxNameLen ];
data/unmass-0.9/kdev/src/ma_lgp.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_lgp.h:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ lgpNameLen ];
data/unmass-0.9/kdev/src/ma_lgp.h:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[3];
data/unmass-0.9/kdev/src/ma_mea.cpp:27:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 10 ];
data/unmass-0.9/kdev/src/ma_mea.cpp:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 4 ];
data/unmass-0.9/kdev/src/ma_mea.cpp:188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &pFileList[ i ], &pFileList[ i+1 ], sizeof( s_FileRec ) );
data/unmass-0.9/kdev/src/ma_mea.cpp:218:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( MeaRec.name, pFileList[ i ].name, j );
data/unmass-0.9/kdev/src/ma_mea.cpp:234:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( MeaHeader.ident, "MEAF", 4 );
data/unmass-0.9/kdev/src/ma_mea.cpp:258:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( MeaHeader.ident, "MEAF", 4 );
data/unmass-0.9/kdev/src/ma_mea.h:26:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ MeaNameLen ];
data/unmass-0.9/kdev/src/ma_mea.h:36:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ident[4];
data/unmass-0.9/kdev/src/ma_mgmnl.cpp:98:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( FileRec.name, "%03lu-file.", next_rec_num - 1 );
data/unmass-0.9/kdev/src/ma_mgmnl.cpp:107:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( FileRec.name, "wav" );
data/unmass-0.9/kdev/src/ma_mgmnl.h:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 16 ];
data/unmass-0.9/kdev/src/ma_mgmwb.cpp:98:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( FileRec.name, "%03lu-file.", next_rec_num - 1 );
data/unmass-0.9/kdev/src/ma_mgmwb.cpp:107:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( FileRec.name, "wav" );
data/unmass-0.9/kdev/src/ma_mgmwb.h:16:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 16 ];
data/unmass-0.9/kdev/src/ma_mgs.h:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_moor3.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_moor3.h:19:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ moor3NameLen ];
data/unmass-0.9/kdev/src/ma_oni_d.cpp:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_oni_d.cpp:116:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( error, "ReadRec: seek for filename\n" );
data/unmass-0.9/kdev/src/ma_oni_d.cpp:151:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( FileRec.type, "%c%c%c%c",
data/unmass-0.9/kdev/src/ma_oni_d.cpp:217:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fraw = fopen( RawFileName, "rb" );
data/unmass-0.9/kdev/src/ma_oni_d.h:19:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char type[ 4 ];
data/unmass-0.9/kdev/src/ma_oni_d.h:41:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char RawFileName[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_oni_d.h:42:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ FileNameWithPathMaxLen ], str2[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_oni_d.h:51:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[0x80];
data/unmass-0.9/kdev/src/ma_pak.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_pak.h:19:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ pakNameLen ];
data/unmass-0.9/kdev/src/ma_pbo.h:19:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ pboNameLen ];
data/unmass-0.9/kdev/src/ma_pbo.h:20:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char u[12];
data/unmass-0.9/kdev/src/ma_roll.cpp:32:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( ImgFileName, ".img" );
data/unmass-0.9/kdev/src/ma_roll.cpp:33:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ImgFile = fopen( ImgFileName, "rb" );
data/unmass-0.9/kdev/src/ma_roll.cpp:99:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( FileRec.name, "file%04lu", num+1 );
data/unmass-0.9/kdev/src/ma_roll.cpp:117:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ImgFile = fopen( ImgFileName, "rb" );
data/unmass-0.9/kdev/src/ma_roll.h:24:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ImgFileName[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/ma_swine.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_swine.h:21:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ swineNameLen ];
data/unmass-0.9/kdev/src/ma_swine.h:24:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char u2[5];
data/unmass-0.9/kdev/src/ma_umod.h:20:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ umodNameLen ];
data/unmass-0.9/kdev/src/ma_vf1bi.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_vf1bi.cpp:151:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( FileRec.name, "file%04lu.bmp", num );
data/unmass-0.9/kdev/src/ma_vf1bi.h:16:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[ BufSize ];
data/unmass-0.9/kdev/src/ma_vol.cpp:126:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( FileRec.name, "file%04lu", num+1 );
data/unmass-0.9/kdev/src/ma_wad2.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_wad2.h:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ wad2NameLen ];
data/unmass-0.9/kdev/src/ma_wtn.cpp:21:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 100 ];
data/unmass-0.9/kdev/src/ma_wtn.h:22:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ wtnNameLen ];
data/unmass-0.9/kdev/src/massfs.cpp:138:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen( MassFileName, "rb" );
data/unmass-0.9/kdev/src/massfs.cpp:184:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( MassfInfo.filedir, MassFileName, FileNameWithPathMaxLen );
data/unmass-0.9/kdev/src/massfs.cpp:186:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( MassfInfo.filename, &MassFileName[ slash + 1 ],
data/unmass-0.9/kdev/src/massfs.cpp:218:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ident[ 256 ];
data/unmass-0.9/kdev/src/massfs.cpp:232:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ext[ 256 ];
data/unmass-0.9/kdev/src/massfs.cpp:277:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newname[ FileNameWithPathMaxLen ],
data/unmass-0.9/kdev/src/massfs.cpp:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ FileNameWithPathMaxLen ];
data/unmass-0.9/kdev/src/massfs.cpp:281:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buf[ Massfs_BufSize ];
data/unmass-0.9/kdev/src/massfs.cpp:311:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
newf = fopen( newname, "wb" ); //?? check for existing !!
data/unmass-0.9/kdev/src/massfs.cpp:359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldPath[301]; //drive:\path before mk, chdir ...
data/unmass-0.9/kdev/src/massfs.cpp:360:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[301];
data/unmass-0.9/kdev/src/massfs.cpp:399:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "Bad drive [%c%c]", path[0], path[1] );
data/unmass-0.9/kdev/src/massfs.cpp:485:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fi = fopen( filename, "rb" );
data/unmass-0.9/kdev/src/massfs.cpp:581:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
nf = fopen( newfilename, "wb" );
data/unmass-0.9/kdev/src/massfs.cpp:604:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[ 1024 ], *chp;
data/unmass-0.9/kdev/src/massfs.cpp:625:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( str, "; " );
data/unmass-0.9/kdev/src/massfs.h:146:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filedir[FileNameWithPathMaxLen+1];
data/unmass-0.9/kdev/src/massfs.h:148:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FileNameWithPathMaxLen+1];
data/unmass-0.9/kdev/src/massfs.h:150:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileextension[20];
data/unmass-0.9/kdev/src/massfs.h:152:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filenm[FileNameWithPathMaxLen+1];
data/unmass-0.9/kdev/src/massfs.h:160:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char typestring[FileNameWithPathMaxLen+1];
data/unmass-0.9/kdev/src/massfs.h:184:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char error[ ErrorStrLen ];
data/unmass-0.9/kdev/src/massfs.h:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ 1024 ];
data/unmass-0.9/kdev/src/utools.cpp:263:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[ name_len ];
data/unmass-0.9/kdev/src/utools.cpp:266:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char prefix[ name_len ];
data/unmass-0.9/kdev/src/utools.cpp:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char suffix[ name_len ];
data/unmass-0.9/kdev/src/utools.cpp:307:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( prefix, fname, c );
data/unmass-0.9/kdev/src/utools.h:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[ 20 ];
data/unmass-0.9/kdev/src/utools.h:89:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char version_string[ 20 ];
data/unmass-0.9/kdev/src/utools.h:90:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char executable_name_string[ 20 ];
data/unmass-0.9/vc6/unmasswdlg.cpp:98:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat( TempDir, "\\TEMP" );
data/unmass-0.9/vc6/unmasswdlg.cpp:242:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &mass.FileRec, &FileInfo[nItem].FileRec, sizeof( CMassArchive::s_FileRec ) );
data/unmass-0.9/vc6/unmasswdlg.cpp:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ 512 ];
data/unmass-0.9/vc6/unmasswdlg.cpp:362:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[ 256 ],
data/unmass-0.9/vc6/unmasswdlg.cpp:447:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "%lu", it );
data/unmass-0.9/vc6/unmasswdlg.cpp:450:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( str, "%lu", FileInfo[ it ].FileRec.size );
data/unmass-0.9/vc6/unmasswdlg.cpp:604:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &mass.FileRec, &FileInfo[nItem].FileRec, sizeof( CMassArchive::s_FileRec ) );
data/unmass-0.9/vc6/unmasswdlg.cpp:683:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &FileInfo[ listpos ].FileRec, &mass.FileRec,
data/unmass-0.9/vc6/unmasswdlg.cpp:698:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( FileInfo[ listpos ].FileRec.type, &FileInfo[ listpos ].FileRec.name[ i ], j );
data/unmass-0.9/vc6/unmasswdlg.cpp:772:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fnamebuf[ FNAME_BUF_SIZE ];
data/unmass-0.9/vc6/unmasswdlg.cpp:1148:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &FileInfo[ i ], &FileInfo[ i+1 ], sizeof( s_FileInfo ) );
data/unmass-0.9/vc6/unmasswdlg.cpp:1225:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen( fd.GetPathName().GetBuffer(0), "rb" );
data/unmass-0.9/vc6/unmasswdlg.h:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char OpenDir[ MaxPathLength ], OutputDir[ MaxPathLength ];
data/unmass-0.9/vc6/unmasswdlg.h:106:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ProgramPath[ 512 ], TempDir[ 512 ]; // no end slashes
data/unmass-0.9/kdev/src/ma.cpp:84:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( MassFileNameFull, filename, FileNameWithPathMaxLen - 1 );
data/unmass-0.9/kdev/src/ma.cpp:90:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen( MassFileNameFull );
data/unmass-0.9/kdev/src/ma.cpp:98:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( MassFilePath, MassFileNameFull, FileNameWithPathMaxLen-1 );
data/unmass-0.9/kdev/src/ma.cpp:102:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( MassFileName, &MassFileNameFull[ i ], FileNameWithPathMaxLen-1 );
data/unmass-0.9/kdev/src/ma.cpp:104:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen( MassFileName );
data/unmass-0.9/kdev/src/ma.cpp:111:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( MassFileExt, &MassFileName[ i + 1 ], FileNameWithPathMaxLen-1 );
data/unmass-0.9/kdev/src/ma.h:200:35: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
void SetName( const char* n ) { strncpy( name, n, FileNameWithPathMaxLen ); }
data/unmass-0.9/kdev/src/ma.h:242:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy( error, str, error_string_maxlen ); }
data/unmass-0.9/kdev/src/ma_bif.cpp:90:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy( ext, "" );
data/unmass-0.9/kdev/src/ma_mea.cpp:215:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen( pFileList[ i ].name );
data/unmass-0.9/kdev/src/ma_oni_d.cpp:126:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen( str );
data/unmass-0.9/kdev/src/ma_oni_d.cpp:141:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos = strlen( FileRec.name );
data/unmass-0.9/kdev/src/massfs.cpp:132:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( MassFileName ) >= FileNameWithPathMaxLen ) {
data/unmass-0.9/kdev/src/massfs.cpp:162:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( MassfInfo.filenm, MassFileName, FileNameWithPathMaxLen );
data/unmass-0.9/kdev/src/massfs.cpp:168:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slash = strlen( MassFileName ) - 1;
data/unmass-0.9/kdev/src/massfs.cpp:179:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant character.
strncpy( MassfInfo.fileextension, "", 19 );
data/unmass-0.9/kdev/src/massfs.cpp:180:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dot = strlen( MassFileName );
data/unmass-0.9/kdev/src/massfs.cpp:182:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( MassfInfo.fileextension, &MassFileName[ dot + 1 ], 19 );
data/unmass-0.9/kdev/src/massfs.cpp:194:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( MassfInfo.typestring, Archive[ MassfInfo.type ]->GetIdent(), FileNameWithPathMaxLen );
data/unmass-0.9/kdev/src/massfs.cpp:225:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( ident, Archive[ type ]->GetIdent(), 255 );
data/unmass-0.9/kdev/src/massfs.cpp:239:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( ext, Archive[ type ]->GetExtension(), 255 );
data/unmass-0.9/kdev/src/massfs.cpp:291:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( newname, FileRec.name, FileNameWithPathMaxLen-1 );
data/unmass-0.9/kdev/src/massfs.cpp:292:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for( ei=0; ei<(int)strlen( newname ); ei++ ) {
data/unmass-0.9/kdev/src/massfs.cpp:299:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( newdir, newname, FileNameWithPathMaxLen-1 );
data/unmass-0.9/kdev/src/massfs.cpp:300:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ei = strlen( newdir );
data/unmass-0.9/kdev/src/massfs.cpp:304:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen( newdir ) != 0 )
data/unmass-0.9/kdev/src/massfs.cpp:415:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( (pos < (int)strlen(path)) &&
data/unmass-0.9/kdev/src/massfs.cpp:418:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( str, &path[mj], 300 );
data/unmass-0.9/kdev/src/massfs.cpp:428:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while ( (pos < (int)strlen(path)) &&
data/unmass-0.9/kdev/src/massfs.cpp:431:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( str, &path[mj], 300 );
data/unmass-0.9/kdev/src/massfs.cpp:445:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
} while ( pos < (int)strlen( path ) );
data/unmass-0.9/kdev/src/massfs.cpp:495:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( Archive[ MassfInfo.type ]->FileRec.name, archive_name, CMassArchive::FileNameWithPathMaxLen-1 );
data/unmass-0.9/kdev/src/massfs.cpp:609:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen( chp );
data/unmass-0.9/kdev/src/massfs.cpp:611:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( s, chp, 1000 );
data/unmass-0.9/kdev/src/massfs.cpp:617:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy( &str[ sp ], "*.", 1000 - sp );
data/unmass-0.9/kdev/src/massfs.cpp:644:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sl = strlen( chp );
data/unmass-0.9/kdev/src/massfs.cpp:645:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( str, chp, 1023 );
data/unmass-0.9/kdev/src/massfs.h:178:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
{ strncpy( error, str, ErrorStrLen ); }
data/unmass-0.9/kdev/src/utools.cpp:315:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( suffix, ccp, name_len-1 );
data/unmass-0.9/kdev/src/utools.cpp:316:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
suffix_length = strlen( suffix );
data/unmass-0.9/kdev/src/utools.cpp:331:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy( name, fname, name_len-1 );
data/unmass-0.9/kdev/src/utools.cpp:372:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
massfs.FileRec.name + strlen( massfs.FileRec.name ) - filespec.suffix_length ) == 0 ))
data/unmass-0.9/vc6/unmasswdlg.cpp:92:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen( ProgramPath ) - 1;
data/unmass-0.9/vc6/unmasswdlg.cpp:659:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen( FileInfo[ item ].FileRec.type );
data/unmass-0.9/vc6/unmasswdlg.cpp:665:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(( strlen( FileInfo[ InListPos[ lu ] ].FileRec.type ) == len ) &&
data/unmass-0.9/vc6/unmasswdlg.cpp:688:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen( FileInfo[ listpos ].FileRec.name );
data/unmass-0.9/vc6/unmasswdlg.cpp:695:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen( FileInfo[ listpos ].FileRec.name ) - i;
ANALYSIS SUMMARY:
Hits = 223
Lines analyzed = 8986 in approximately 0.24 seconds (37938 lines/second)
Physical Source Lines of Code (SLOC) = 5885
Hits@level = [0] 153 [1] 47 [2] 151 [3] 0 [4] 25 [5] 0
Hits@level+ = [0+] 376 [1+] 223 [2+] 176 [3+] 25 [4+] 25 [5+] 0
Hits/KSLOC@level+ = [0+] 63.8912 [1+] 37.8929 [2+] 29.9065 [3+] 4.24809 [4+] 4.24809 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.