Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/virtualjaguar-2.1.3/src/cry2rgb.h
Examining data/virtualjaguar-2.1.3/src/tom.cpp
Examining data/virtualjaguar-2.1.3/src/wavetable.cpp
Examining data/virtualjaguar-2.1.3/src/jagstub1bios.h
Examining data/virtualjaguar-2.1.3/src/jagstub2bios.h
Examining data/virtualjaguar-2.1.3/src/file.cpp
Examining data/virtualjaguar-2.1.3/src/jaguar.h
Examining data/virtualjaguar-2.1.3/src/crc32.cpp
Examining data/virtualjaguar-2.1.3/src/mmu.cpp
Examining data/virtualjaguar-2.1.3/src/cdintf.h
Examining data/virtualjaguar-2.1.3/src/jerry.h
Examining data/virtualjaguar-2.1.3/src/universalhdr.h
Examining data/virtualjaguar-2.1.3/src/eeprom.cpp
Examining data/virtualjaguar-2.1.3/src/foooked.h
Examining data/virtualjaguar-2.1.3/src/state.h
Examining data/virtualjaguar-2.1.3/src/memtrack.h
Examining data/virtualjaguar-2.1.3/src/jagbios.cpp
Examining data/virtualjaguar-2.1.3/src/joystick.cpp
Examining data/virtualjaguar-2.1.3/src/jagstub2bios.cpp
Examining data/virtualjaguar-2.1.3/src/jagdasm.h
Examining data/virtualjaguar-2.1.3/src/jaguar.cpp
Examining data/virtualjaguar-2.1.3/src/unzip.h
Examining data/virtualjaguar-2.1.3/src/tom.h
Examining data/virtualjaguar-2.1.3/src/op.cpp
Examining data/virtualjaguar-2.1.3/src/jagdevcdbios.cpp
Examining data/virtualjaguar-2.1.3/src/dsp.h
Examining data/virtualjaguar-2.1.3/src/jagcdbios.cpp
Examining data/virtualjaguar-2.1.3/src/cdrom.cpp
Examining data/virtualjaguar-2.1.3/src/jagbios.h
Examining data/virtualjaguar-2.1.3/src/memory.cpp
Examining data/virtualjaguar-2.1.3/src/dsp.cpp
Examining data/virtualjaguar-2.1.3/src/filedb.h
Examining data/virtualjaguar-2.1.3/src/jerry.cpp
Examining data/virtualjaguar-2.1.3/src/op.h
Examining data/virtualjaguar-2.1.3/src/jagbios2.h
Examining data/virtualjaguar-2.1.3/src/unzip.cpp
Examining data/virtualjaguar-2.1.3/src/memtrack.cpp
Examining data/virtualjaguar-2.1.3/src/m68000/m68kinterface.c
Examining data/virtualjaguar-2.1.3/src/m68000/inlines.h
Examining data/virtualjaguar-2.1.3/src/m68000/m68kinterface.h
Examining data/virtualjaguar-2.1.3/src/m68000/readcpu.h
Examining data/virtualjaguar-2.1.3/src/m68000/cpuextra.c
Examining data/virtualjaguar-2.1.3/src/m68000/gencpu.c
Examining data/virtualjaguar-2.1.3/src/m68000/cpuextra.h
Examining data/virtualjaguar-2.1.3/src/m68000/cpudefs.h
Examining data/virtualjaguar-2.1.3/src/m68000/sysdeps.h
Examining data/virtualjaguar-2.1.3/src/m68000/build68k.c
Examining data/virtualjaguar-2.1.3/src/m68000/readcpu.c
Examining data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c
Examining data/virtualjaguar-2.1.3/src/blitter.h
Examining data/virtualjaguar-2.1.3/src/jagstub1bios.cpp
Examining data/virtualjaguar-2.1.3/src/jagdasm.cpp
Examining data/virtualjaguar-2.1.3/src/eeprom.h
Examining data/virtualjaguar-2.1.3/src/log.h
Examining data/virtualjaguar-2.1.3/src/jagcdbios.h
Examining data/virtualjaguar-2.1.3/src/joystick.h
Examining data/virtualjaguar-2.1.3/src/wavetable.h
Examining data/virtualjaguar-2.1.3/src/mmu.h
Examining data/virtualjaguar-2.1.3/src/file.h
Examining data/virtualjaguar-2.1.3/src/dac.cpp
Examining data/virtualjaguar-2.1.3/src/blitter.cpp
Examining data/virtualjaguar-2.1.3/src/crc32.h
Examining data/virtualjaguar-2.1.3/src/jagdevcdbios.h
Examining data/virtualjaguar-2.1.3/src/memory.h
Examining data/virtualjaguar-2.1.3/src/log.cpp
Examining data/virtualjaguar-2.1.3/src/version.h
Examining data/virtualjaguar-2.1.3/src/universalhdr.cpp
Examining data/virtualjaguar-2.1.3/src/gpu.h
Examining data/virtualjaguar-2.1.3/src/settings.cpp
Examining data/virtualjaguar-2.1.3/src/filedb.cpp
Examining data/virtualjaguar-2.1.3/src/dac.h
Examining data/virtualjaguar-2.1.3/src/gui/app.cpp
Examining data/virtualjaguar-2.1.3/src/gui/alpinetab.h
Examining data/virtualjaguar-2.1.3/src/gui/help.h
Examining data/virtualjaguar-2.1.3/src/gui/filethread.cpp
Examining data/virtualjaguar-2.1.3/src/gui/about.h
Examining data/virtualjaguar-2.1.3/src/gui/controllertab.cpp
Examining data/virtualjaguar-2.1.3/src/gui/help.cpp
Examining data/virtualjaguar-2.1.3/src/gui/mainwin.h
Examining data/virtualjaguar-2.1.3/src/gui/about.cpp
Examining data/virtualjaguar-2.1.3/src/gui/profile.cpp
Examining data/virtualjaguar-2.1.3/src/gui/configdialog.cpp
Examining data/virtualjaguar-2.1.3/src/gui/controllerwidget.h
Examining data/virtualjaguar-2.1.3/src/gui/generaltab.cpp
Examining data/virtualjaguar-2.1.3/src/gui/imagedelegate.cpp
Examining data/virtualjaguar-2.1.3/src/gui/imagedelegate.h
Examining data/virtualjaguar-2.1.3/src/gui/mainwin.cpp
Examining data/virtualjaguar-2.1.3/src/gui/configdialog.h
Examining data/virtualjaguar-2.1.3/src/gui/gamepad.cpp
Examining data/virtualjaguar-2.1.3/src/gui/generaltab.h
Examining data/virtualjaguar-2.1.3/src/gui/filethread.h
Examining data/virtualjaguar-2.1.3/src/gui/keygrabber.cpp
Examining data/virtualjaguar-2.1.3/src/gui/controllerwidget.cpp
Examining data/virtualjaguar-2.1.3/src/gui/filelistmodel.h
Examining data/virtualjaguar-2.1.3/src/gui/app.h
Examining data/virtualjaguar-2.1.3/src/gui/glwidget.h
Examining data/virtualjaguar-2.1.3/src/gui/filepicker.cpp
Examining data/virtualjaguar-2.1.3/src/gui/controllertab.h
Examining data/virtualjaguar-2.1.3/src/gui/profile.h
Examining data/virtualjaguar-2.1.3/src/gui/alpinetab.cpp
Examining data/virtualjaguar-2.1.3/src/gui/filelistmodel.cpp
Examining data/virtualjaguar-2.1.3/src/gui/glwidget.cpp
Examining data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp
Examining data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp
Examining data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp
Examining data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.h
Examining data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.h
Examining data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.h
Examining data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp
Examining data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.h
Examining data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp
Examining data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.h
Examining data/virtualjaguar-2.1.3/src/gui/gamepad.h
Examining data/virtualjaguar-2.1.3/src/gui/filepicker.h
Examining data/virtualjaguar-2.1.3/src/gui/keygrabber.h
Examining data/virtualjaguar-2.1.3/src/gpu.cpp
Examining data/virtualjaguar-2.1.3/src/cdintf.cpp
Examining data/virtualjaguar-2.1.3/src/settings.h
Examining data/virtualjaguar-2.1.3/src/event.h
Examining data/virtualjaguar-2.1.3/src/jagbios2.cpp
Examining data/virtualjaguar-2.1.3/src/state.cpp
Examining data/virtualjaguar-2.1.3/src/event.cpp
Examining data/virtualjaguar-2.1.3/src/cdrom.h
FINAL RESULTS:
data/virtualjaguar-2.1.3/src/eeprom.cpp:98:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(eeprom_filename, "%s%08X.eeprom", vjs.EEPROMPath, (unsigned int)jaguarMainROMCRC32);
data/virtualjaguar-2.1.3/src/eeprom.cpp:99:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(cdromEEPROMFilename, "%scdrom.eeprom", vjs.EEPROMPath);
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:106:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.EEPROMPath, CheckForTrailingSlash(
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:108:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.ROMPath, CheckForTrailingSlash(
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:120:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.alpineROMPath, alpineTab->edit1->text().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:121:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.absROMPath, alpineTab->edit2->text().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:75:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "%06X: %s<br>", oldpc, buffer);
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:87:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, singleCharString);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:66:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "%s%06X: ", (i != 0 ? "<br>" : ""), memBase + i);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:71:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, buf);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:75:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, buf);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:88:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, buf);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:148:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<br>%06X: %08X %08X %s -> %06X", address, hi, lo, opType[objectType], link);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:155:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, " YPOS %s %u", ccType[cc], ypos);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:231:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, " [%u x %u @ (%i, %u) (iw:%u, dw:%u) (%u bpp), p:%06X fp:%02X, fl:%s%s%s%s, idx:%02X, pt:%02X]<br>",
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:76:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "%06X: %s<br>", oldpc, buffer);
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:88:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, singleCharString);
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:88:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.jagBootPath, settings.value("JagBootROM", "./bios/[BIOS] Atari Jaguar (USA, Europe).zip").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:89:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.CDBootPath, settings.value("CDBootROM", "./bios/jagcd.rom").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:90:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.EEPROMPath, settings.value("EEPROMs", "./eeproms").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:91:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.ROMPath, settings.value("ROMs", "./software").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1192:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.EEPROMPath, settings.value("EEPROMs", QStandardPaths::writableLocation(QStandardPaths::DataLocation).append("/eeproms/")).toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1193:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.ROMPath, settings.value("ROMs", QStandardPaths::writableLocation(QStandardPaths::DataLocation).append("/software/")).toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1194:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.alpineROMPath, settings.value("DefaultROM", "").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1195:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vjs.absROMPath, settings.value("DefaultABS", "").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/profile.cpp:100:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(deviceNames[i], set->value("deviceName").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/profile.cpp:116:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(profile[i].mapName, set->value("mapName").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/jagdasm.cpp:124:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 31: sprintf(buffer, "CMPQ %s,R%02d", signed_16bit((int16_t)(reg1 << 11) >> 11), reg2);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:161:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 52: sprintf(buffer, "JUMP %s(R%02d)", condition[reg2], reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:162:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
case 53: sprintf(buffer, "JR %s$%X", condition[reg2], pc + ((int8_t)(reg1 << 3) >> 2)); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:177:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buffer, (reg1 ? "UNPACK R%02d" : "PACK R%02d"), reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:184:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufferOut,"%-24s (%04X)", buffer, op);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:187:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufferOut, "%04X %-24s", op, buffer);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:191:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(bufferOut, "%04X %04X %04X %-24s", op, word1, word2, buffer);
data/virtualjaguar-2.1.3/src/log.cpp:68:13: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
logSize += vfprintf(log_stream, text, arg);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:114:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (file, "%lx: %lu %s\n", &opcode, &count, name) == 3) {
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:695:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (unsstr, usstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:697:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sstr, vstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:698:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dstr, vstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:699:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (vstr, value);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:701:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (dstr, dst);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:703:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sstr, src);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:706:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (udstr, usstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:707:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (udstr, dst);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:709:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (usstr, src);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:712:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (undstr, unsstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:715:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (undstr, dst);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:717:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (unsstr, src);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:107:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"(%s%c%d.%c*%d+%ld)+%ld == $%lX", name,
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:167:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer,"(%s%c%d.%c*%d+%ld)+%ld == $%lX", name,
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:239:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buffer);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:280:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:285:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:309:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:314:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:349:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(instrname, lookup->name);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:355:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s", instrname);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:356:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:381:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s, $%lX", src, (long)newpc);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:383:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s, %s", dst, src);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:385:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, "%s%s%s", src, (dp->suse && dp->duse ? ", " : ""), dst);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:387:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:391:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(f, " (%s)", (cctrue(dp->cc) ? "true" : "false"));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:392:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:405:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:408:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(output, str);
data/virtualjaguar-2.1.3/src/memtrack.cpp:51:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mtFilename, "%s%s", vjs.EEPROMPath, MEMTRACK_FILENAME);
data/virtualjaguar-2.1.3/src/jaguar.cpp:1921:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/virtualjaguar-2.1.3/src/m68000/sysdeps.h:64:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random rand
data/virtualjaguar-2.1.3/src/blitter.cpp:1481:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * ctrlStr[4] = { "XADDPHR\0", "XADDPIX\0", "XADD0\0", "XADDINC\0" };
data/virtualjaguar-2.1.3/src/blitter.cpp:1482:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * bppStr[8] = { "1bpp\0", "2bpp\0", "4bpp\0", "8bpp\0", "16bpp\0", "32bpp\0", "???\0", "!!!\0" };
data/virtualjaguar-2.1.3/src/blitter.cpp:1483:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * opStr[16] = { "LFU_CLEAR", "LFU_NSAND", "LFU_NSAD", "LFU_NOTS", "LFU_SAND", "LFU_NOTD", "LFU_N_SXORD", "LFU_NSORND",
data/virtualjaguar-2.1.3/src/blitter.cpp:1780:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * opStr[16] = { "LFU_CLEAR", "LFU_NSAND", "LFU_NSAD", "LFU_NOTS", "LFU_SAND", "LFU_NOTD", "LFU_N_SXORD", "LFU_NSORND",
data/virtualjaguar-2.1.3/src/blitter.cpp:2851:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char zfs[512], lfus[512];
data/virtualjaguar-2.1.3/src/blitter.cpp:2854:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(zfs, " ZMODE=%X", zmode);
data/virtualjaguar-2.1.3/src/blitter.cpp:2856:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lfus, " LFUFUNC=%X", lfufunc);
data/virtualjaguar-2.1.3/src/blitter.cpp:3063:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x_add_str[4][4] = { "phr", "1", "0", "inc" };
data/virtualjaguar-2.1.3/src/cdrom.cpp:190:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * BReg[12] = { "BUTCH", "DSCNTRL", "DS_DATA", "???", "I2CNTRL",
data/virtualjaguar-2.1.3/src/dsp.cpp:368:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * dsp_opcode_str[65]=
data/virtualjaguar-2.1.3/src/dsp.cpp:1094:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsp_ram_8, ram1, 0x2000);
data/virtualjaguar-2.1.3/src/dsp.cpp:1095:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsp_reg_bank_0, regs1, 32 * 4);
data/virtualjaguar-2.1.3/src/dsp.cpp:1096:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dsp_reg_bank_1, ®s1[32], 32 * 4);
data/virtualjaguar-2.1.3/src/eeprom.cpp:82:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char eeprom_filename[MAX_PATH];
data/virtualjaguar-2.1.3/src/eeprom.cpp:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cdromEEPROMFilename[MAX_PATH];
data/virtualjaguar-2.1.3/src/eeprom.cpp:100:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(eeprom_filename, "rb");
data/virtualjaguar-2.1.3/src/eeprom.cpp:113:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(cdromEEPROMFilename, "rb");
data/virtualjaguar-2.1.3/src/eeprom.cpp:146:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(eeprom_filename, "wb");
data/virtualjaguar-2.1.3/src/eeprom.cpp:161:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(cdromEEPROMFilename, "wb");
data/virtualjaguar-2.1.3/src/file.cpp:139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0x800000, buffer, jaguarROMSize);
data/virtualjaguar-2.1.3/src/file.cpp:151:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0x802000, buffer, jaguarROMSize);
data/virtualjaguar-2.1.3/src/file.cpp:167:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + loadAddress, buffer + 0x24, codeSize);
data/virtualjaguar-2.1.3/src/file.cpp:177:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + loadAddress, buffer + 0xA8, codeSize);
data/virtualjaguar-2.1.3/src/file.cpp:225:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + loadAddress, buffer + 0x2E, jaguarROMSize - 0x2E);
data/virtualjaguar-2.1.3/src/file.cpp:249:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + loadAddress, buffer + 0x20, jaguarROMSize - 0x20);
data/virtualjaguar-2.1.3/src/file.cpp:288:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0x802000, buffer, jaguarROMSize);
data/virtualjaguar-2.1.3/src/file.cpp:308:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char buffer[0x10000];
data/virtualjaguar-2.1.3/src/file.cpp:358:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char ftStrings[5][32] = { "Software", "EEPROM", "Label", "Box Art", "Controller Overlay" };
data/virtualjaguar-2.1.3/src/file.cpp:360:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * zip = fopen(zipFile, "rb");
data/virtualjaguar-2.1.3/src/file.cpp:444:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * zip = fopen(zipFile, "rb");
data/virtualjaguar-2.1.3/src/file.cpp:482:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * zip = fopen(zipFile, "rb");
data/virtualjaguar-2.1.3/src/filedb.cpp:21:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[128];
data/virtualjaguar-2.1.3/src/filedb.h:19:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[128];
data/virtualjaguar-2.1.3/src/gpu.cpp:371:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * gpu_opcode_str[64]=
data/virtualjaguar-2.1.3/src/gpu.cpp:1071:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/virtualjaguar-2.1.3/src/gpu.cpp:1307:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[512];
data/virtualjaguar-2.1.3/src/gpu.cpp:1401:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * condition[32] =
data/virtualjaguar-2.1.3/src/gpu.cpp:1445:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * condition[32] =
data/virtualjaguar-2.1.3/src/gui/app.cpp:340:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/gui/app.cpp:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jagBootPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/gui/app.cpp:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CDBootPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/gui/app.cpp:343:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EEPROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/gui/app.cpp:344:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alpineROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/gui/app.cpp:345:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char absROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:40:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keyName1[96][16];
data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:41:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char keyName2[64][16];
data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:42:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hatName[4][16];
data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:43:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char axisName[2][8];
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[2048];
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:72:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "PC: %06X SR: %04X<br><br>", m68kPC, m68kSR);
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:94:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "A0: %08X A1: %08X A2: %08X A3: %08X<br>", m68kA0, m68kA1, m68kA2, m68kA3);
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:101:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "A4: %08X A5: %08X A6: %08X A7: %08X<br><br>", m68kA4, m68kA5, m68kA6, m68kA7);
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:108:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "D0: %08X D1: %08X D2: %08X D3: %08X<br>", m68kD0, m68kD1, m68kD2, m68kD3);
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:115:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "D4: %08X D5: %08X D6: %08X D7: %08X<br><br>", m68kD4, m68kD5, m68kD6, m68kD7);
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:119:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "GPU PC: %06X FLAGS: %04X SR: %04X<br><br>", GPUReadLong(0xF02110, DEBUG), GPUReadLong(0xF02100, DEBUG), GPUReadLong(0xF02114, DEBUG));
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:144:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Bank 0:<br>"
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:163:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Bank 1:<br>"
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:183:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "DSP PC: %06X FLAGS: %05X SR: %05X<br><br>", DSPReadLong(0xF1A110, DEBUG), DSPReadLong(0xF1A100, DEBUG), DSPReadLong(0xF1A114, DEBUG));
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:211:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Bank 0:<br>"
data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:230:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "Bank 1:<br>"
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];//, buf[64];
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:78:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char singleCharString[2] = { 0, 0 };
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:83:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, " ");
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024], buf[64];
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:70:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%02X ", jaguarMainRAM[memBase + i + j]);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:74:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "| ");
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:80:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "&#%i;", c);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:83:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " ");
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];//, buf[64];
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:58:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "OLP = $%X<br>", olp);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:130:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * opType[8] = {
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:134:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * ccType[8] = {
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:138:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:174:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "***** SELF REFERENTIAL LINK *****<br>");
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:185:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:187:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %08X %08X<br>", (uint32_t)(p1 >> 32), (uint32_t)(p1 & 0xFFFFFFFF));
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:189:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %08X %08X<br>", (uint32_t)(p2 >> 32), (uint32_t)(p2 & 0xFFFFFFFF));
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:195:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " [hsc: %02X, vsc: %02X, rem: %02X]<br>", hscale, vscale, remainder);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:204:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, " %08X %08X<br>", (uint32_t)(p1 >> 32), (uint32_t)(p1 & 0xFFFFFFFF));
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512];
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:66:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];//, buf[64];
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:79:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char singleCharString[2] = { 0, 0 };
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:84:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buffer, " ");
data/virtualjaguar-2.1.3/src/gui/filethread.cpp:117:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!file.open(QIODevice::ReadOnly))
data/virtualjaguar-2.1.3/src/gui/gamepad.h:52:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char padName[8][128];
data/virtualjaguar-2.1.3/src/gui/keygrabber.cpp:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jagButtonName[21][10] = { "Up", "Down", "Left", "Right",
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:382:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0xE00000, (vjs.biosType == BT_K_SERIES ? jaguarBootROM : jaguarBootROM2), 0x20000); // Use the stock BIOS
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:409:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0xE00000, jaguarDevBootROM2, 0x20000); // Use the stub BIOS
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:820:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t));
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:822:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern2 + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t));
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:849:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0x800000, jaguarCDBootROM, 0x40000);
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:995:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0xE00000, biosPointer, 0x20000);
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1028:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jagMemSpace + 0x800000, jaguarCDBootROM, 0x40000);
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1150:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t));
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1152:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern2 + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t));
data/virtualjaguar-2.1.3/src/gui/profile.cpp:51:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char deviceNames[MAX_DEVICES][128];
data/virtualjaguar-2.1.3/src/gui/profile.cpp:73:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&profileBackup, &profile, sizeof(Profile) * MAX_PROFILES);
data/virtualjaguar-2.1.3/src/gui/profile.cpp:79:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&profile, &profileBackup, sizeof(Profile) * MAX_PROFILES);
data/virtualjaguar-2.1.3/src/gui/profile.cpp:92:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(deviceNames[0], "Keyboard");
data/virtualjaguar-2.1.3/src/gui/profile.cpp:142:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(profile[0].mapName, "Default");
data/virtualjaguar-2.1.3/src/gui/profile.cpp:271:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(profile[numberOfProfiles].mapName, "Default");
data/virtualjaguar-2.1.3/src/gui/profile.h:17:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapName[32]; // Human readable map name
data/virtualjaguar-2.1.3/src/jagdasm.cpp:28:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * condition[32] =
data/virtualjaguar-2.1.3/src/jagdasm.cpp:71:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char temp[10];
data/virtualjaguar-2.1.3/src/jagdasm.cpp:74:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "-$%X", -val);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:76:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(temp, "$%X", val);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:84:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/virtualjaguar-2.1.3/src/jagdasm.cpp:93:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 0: sprintf(buffer, "ADD R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:94:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 1: sprintf(buffer, "ADDC R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:95:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 2: sprintf(buffer, "ADDQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:96:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 3: sprintf(buffer, "ADDQT $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:97:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 4: sprintf(buffer, "SUB R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:98:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 5: sprintf(buffer, "SUBC R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:99:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 6: sprintf(buffer, "SUBQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:100:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 7: sprintf(buffer, "SUBQT $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:101:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 8: sprintf(buffer, "NEG R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:102:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 9: sprintf(buffer, "AND R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:103:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 10: sprintf(buffer, "OR R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:104:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 11: sprintf(buffer, "XOR R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:105:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 12: sprintf(buffer, "NOT R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:106:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 13: sprintf(buffer, "BTST $%X,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:107:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 14: sprintf(buffer, "BSET $%X,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:108:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 15: sprintf(buffer, "BCLR $%X,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:109:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 16: sprintf(buffer, "MULT R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:110:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 17: sprintf(buffer, "IMULT R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:111:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 18: sprintf(buffer, "IMULTN R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:112:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 19: sprintf(buffer, "RESMAC R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:113:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 20: sprintf(buffer, "IMACN R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:114:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 21: sprintf(buffer, "DIV R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:115:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 22: sprintf(buffer, "ABS R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:116:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 23: sprintf(buffer, "SH R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:117:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 24: sprintf(buffer, "SHLQ $%X,R%02d", 32 - reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:118:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 25: sprintf(buffer, "SHRQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:119:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 26: sprintf(buffer, "SHA R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:120:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 27: sprintf(buffer, "SHARQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:121:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 28: sprintf(buffer, "ROR R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:122:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 29: sprintf(buffer, "RORQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:123:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 30: sprintf(buffer, "CMP R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:126:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "SAT8 R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:128:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "SUBQMOD $%X,R%02d", convert_zero[reg1], reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:131:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "SAT16 R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:133:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "SAT16S R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:135:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 34: sprintf(buffer, "MOVE R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:136:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 35: sprintf(buffer, "MOVEQ %d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:137:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 36: sprintf(buffer, "MOVETA R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:138:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 37: sprintf(buffer, "MOVEFA R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:139:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 38: sprintf(buffer, "MOVEI #$%X,R%02d", ROPCODE(pc) | (ROPCODE(pc+2)<<16), reg2); size = 6; break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:140:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 39: sprintf(buffer, "LOADB (R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:141:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 40: sprintf(buffer, "LOADW (R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:142:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 41: sprintf(buffer, "LOAD (R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:144:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "LOADP (R%02d),R%02d", reg1, reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:146:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "SAT32S R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:148:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 43: sprintf(buffer, "LOAD (R14+$%X),R%02d", convert_zero[reg1]*4, reg2);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:149:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 44: sprintf(buffer, "LOAD (R15+$%X),R%02d", convert_zero[reg1]*4, reg2);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:150:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 45: sprintf(buffer, "STOREB R%02d,(R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:151:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 46: sprintf(buffer, "STOREW R%02d,(R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:152:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 47: sprintf(buffer, "STORE R%02d,(R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:154:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "STOREP R%02d,(R%02d)", reg2, reg1);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:156:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "MIRROR R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:158:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 49: sprintf(buffer, "STORE R%02d,(R14+$%X)", reg2, convert_zero[reg1]*4);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:159:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 50: sprintf(buffer, "STORE R%02d,(R15+$%X)", reg2, convert_zero[reg1]*4);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:160:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 51: sprintf(buffer, "MOVE PC,R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:163:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 54: sprintf(buffer, "MMULT R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:164:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 55: sprintf(buffer, "MTOI R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:165:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 56: sprintf(buffer, "NORMI R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:166:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 57: sprintf(buffer, "NOP"); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:167:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 58: sprintf(buffer, "LOAD (R14+R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:168:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 59: sprintf(buffer, "LOAD (R15+R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:169:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 60: sprintf(buffer, "STORE R%02d,(R14+R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:170:12: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
case 61: sprintf(buffer, "STORE R%02d,(R15+R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:172:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "SAT24 R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:174:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "illegal [%d,%d]", reg1, reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:179:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "ADDQMOD $%X,R%02d", convert_zero[reg1], reg2);
data/virtualjaguar-2.1.3/src/jaguar.cpp:156:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[2048];
data/virtualjaguar-2.1.3/src/jaguar.cpp:190:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[2048];
data/virtualjaguar-2.1.3/src/jaguar.cpp:921:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/virtualjaguar-2.1.3/src/jaguar.cpp:1617:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[2048];//, mem[64];
data/virtualjaguar-2.1.3/src/jaguar.cpp:1972:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jaguarMainRAM, jagMemSpace + 0xE00000, 8);
data/virtualjaguar-2.1.3/src/jaguar.cpp:1980:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(jaguarMainRAM, jagMemSpace + 0xE00000, 8);
data/virtualjaguar-2.1.3/src/jaguar.cpp:2149:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen("./memdump.bin", "wb");
data/virtualjaguar-2.1.3/src/jerry.cpp:367:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&jerry_ram_8[0xD000], waveTableROM, 0x1000);
data/virtualjaguar-2.1.3/src/log.cpp:34:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
log_stream = fopen(path, "w");
data/virtualjaguar-2.1.3/src/m68000/build68k.c:75:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tablef = fopen("table68k","r");
data/virtualjaguar-2.1.3/src/m68000/build68k.c:90:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char patbits[16];
data/virtualjaguar-2.1.3/src/m68000/build68k.c:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opcstr[256];
data/virtualjaguar-2.1.3/src/m68000/cpuextra.c:156:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char excNames[33][64] = {
data/virtualjaguar-2.1.3/src/m68000/cpuextra.c:179:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:87:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exactCpuCycles[256]; /* Space to store return string for exact cpu cycles */
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:105:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:109:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen ("frequent.68k", "r");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:138:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char endlabelstr[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:195:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:202:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ilong_prefetch(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:204:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ilong(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:210:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:217:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_iword_prefetch(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:219:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_iword(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:225:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:232:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ibyte_prefetch(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:234:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ibyte(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:568:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getcode[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:573:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (getcode, "m68k_read_memory_32(srca)");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:575:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (getcode, "(int32_t)(int16_t)m68k_read_memory_16(srca)");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:605:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:610:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char putcode[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:615:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (putcode, "m68k_write_memory_32(srca,");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:617:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (putcode, "m68k_write_memory_16(srca,");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:656:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:675:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vstr[100], sstr[100], dstr[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usstr[100], udstr[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:677:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unsstr[100], undstr[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:681:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((int8_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:682:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uint8_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:685:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((int16_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:686:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uint16_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:689:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((int32_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:690:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uint32_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:700:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (vstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:702:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (dstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:704:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:708:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (udstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:710:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (usstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:716:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (undstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:718:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (unsstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1675:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1695:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1708:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles*2);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1722:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles*2);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1796:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1798:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1837:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1839:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1871:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1873:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1906:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1908:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1938:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1940:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1970:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1972:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2005:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2007:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2043:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2045:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2651:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2655:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "((opcode >> %d) & %d)", pos, smsk);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2657:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "(opcode & %d)", smsk);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2694:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (endlabelstr, "endlabel%d", endlabelno);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2800:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerfile = fopen("cputbl.h", "wb");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2801:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stblfile = fopen("cpustbl.c", "wb");
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:56:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"D%d", reg);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:59:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"A%d", reg);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:62:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"(A%d)", reg);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:65:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"(A%d)+", reg);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:68:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"-(A%d)", reg);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:73:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"(A%d,$%X) == $%lX", reg, disp16 & 0xFFFF,
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:91:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:92:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"A%d, ",reg);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:115:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"(A%d, %c%d.%c*%d, $%X) == $%lX", reg,
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:124:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"(PC, $%X) == $%lX", disp16 & 0xFFFF, (unsigned long)addr);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:142:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:143:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"PC, ");
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:174:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"(PC, %c%d.%c*%d, $%X) == $%lX", dp & 0x8000 ? 'A' : 'D',
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:180:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"$%lX", (unsigned long)(int32_t)(int16_t)get_iword_1(m68kpc_offset));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:184:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"$%lX", (unsigned long)get_ilong_1(m68kpc_offset));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:191:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"#$%X", (unsigned int)(get_iword_1(m68kpc_offset) & 0xFF));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:195:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"#$%X", (unsigned int)(get_iword_1(m68kpc_offset) & 0xFFFF));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:199:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"#$%lX", (unsigned long)(get_ilong_1(m68kpc_offset)));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:209:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"#$%X", (unsigned int)(offset & 0xFF));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:220:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"#$%X", (unsigned int)(offset & 0xFFFF));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:226:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"#$%lX", (unsigned long)(offset & 0xFFFFFFFF));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:230:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,"#$%lX", (unsigned long)(offset & 0xFFFFFFFF));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:255:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[16];
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:279:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "D%d", first);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:284:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "-D%d", first + runLength);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:308:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "A%d", first);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:313:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "-A%d", first + runLength);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:323:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char f[256], str[256];
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:324:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char src[256], dst[256];
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instrname[20];
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:360:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case sz_byte: strcat(str, ".B\t"); break;
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:361:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case sz_word: strcat(str, ".W\t"); break;
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:362:16: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case sz_long: strcat(str, ".L\t"); break;
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:379:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, "$%lX", (long)newpc);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:401:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, "%04X ", get_iword_1(pcOffsetSave + opwords * 2));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:403:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(f, " ");
data/virtualjaguar-2.1.3/src/m68000/m68kinterface.c:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[2048];//, mem[64];
data/virtualjaguar-2.1.3/src/m68000/readcpu.c:269:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mnemonic[10];
data/virtualjaguar-2.1.3/src/m68000/readcpu.h:76:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bitpos[16];
data/virtualjaguar-2.1.3/src/m68000/sysdeps.h:61:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy q_memcpy
data/virtualjaguar-2.1.3/src/m68000/sysdeps.h:65:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define creat(x,y) open("T:creat",O_CREAT|O_RDWR|O_TRUNC,777)
data/virtualjaguar-2.1.3/src/memory.cpp:105:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union u {unsigned long vi; unsigned char c[sizeof(unsigned long)];};
data/virtualjaguar-2.1.3/src/memory.cpp:106:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
union v {unsigned long ni; unsigned char d[sizeof(unsigned long)];};
data/virtualjaguar-2.1.3/src/memory.cpp:269:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char * whoName[10] =
data/virtualjaguar-2.1.3/src/memory.h:69:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * whoName[10];
data/virtualjaguar-2.1.3/src/memtrack.cpp:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mtFilename[MAX_PATH];
data/virtualjaguar-2.1.3/src/memtrack.cpp:52:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(mtFilename, "rb");
data/virtualjaguar-2.1.3/src/memtrack.cpp:85:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * fp = fopen(mtFilename, "wb");
data/virtualjaguar-2.1.3/src/op.cpp:141:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * opType[8] =
data/virtualjaguar-2.1.3/src/op.cpp:143:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * ccType[8] =
data/virtualjaguar-2.1.3/src/settings.h:50:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/settings.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char jagBootPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/settings.h:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CDBootPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/settings.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char EEPROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/settings.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alpineROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/settings.h:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char absROMPath[MAX_PATH];
data/virtualjaguar-2.1.3/src/tom.cpp:362:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * videoMode_to_str[8] =
data/virtualjaguar-2.1.3/src/universalhdr.cpp:17:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char universalCartHeader[0x2000] = {
data/virtualjaguar-2.1.3/src/unzip.cpp:87:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char inBuffer[CHUNKSIZE];
data/virtualjaguar-2.1.3/src/wavetable.cpp:20:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
/*const*/ unsigned char waveTableROM[4096] =
data/virtualjaguar-2.1.3/src/gui/controllertab.cpp:225:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(profile[profileNum].mapName, text.toUtf8().data(), 31);
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:80:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(int j=0; j<strlen(string); j++)
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:86:5: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
sprintf(buf, ".");
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:81:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(uint j=0; j<strlen(string); j++)
data/virtualjaguar-2.1.3/src/gui/filethread.cpp:126:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file.read((char *)buffer, fileSize);
data/virtualjaguar-2.1.3/src/gui/gamepad.cpp:58:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(padName[i], SDL_JoystickName(i), 127);
data/virtualjaguar-2.1.3/src/gui/profile.cpp:243:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(deviceNames[deviceNum], name, 127);
data/virtualjaguar-2.1.3/src/jaguar.cpp:471:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
Note that we only have to be concerned with 3 entities read/writing anything:
data/virtualjaguar-2.1.3/src/m68000/build68k.c:28:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc(tablef);
data/virtualjaguar-2.1.3/src/m68000/build68k.c:34:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc(tablef);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:713:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (unsstr, "-");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:714:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (undstr, "~");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2705:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(exactCpuCycles) > 0)
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:277:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, "/");
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:306:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(output, "/");
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:353:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ccpt, ccnames[dp->cc], 2);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:363:11: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
default: strcat(str, "\t"); break;
data/virtualjaguar-2.1.3/src/m68000/readcpu.c:893:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lookuptab[find].name) == 0)
data/virtualjaguar-2.1.3/src/m68000/readcpu.c:956:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static int mismatch;
data/virtualjaguar-2.1.3/src/m68000/readcpu.c:1121:9: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return mismatch;
data/virtualjaguar-2.1.3/src/unzip.cpp:27:26: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint32_t n = ((uint32_t)fgetc(fp));
data/virtualjaguar-2.1.3/src/unzip.cpp:28:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n |= ((uint32_t)fgetc(fp)) << 8;
data/virtualjaguar-2.1.3/src/unzip.cpp:29:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n |= ((uint32_t)fgetc(fp)) << 16;
data/virtualjaguar-2.1.3/src/unzip.cpp:30:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n |= ((uint32_t)fgetc(fp)) << 24;
data/virtualjaguar-2.1.3/src/unzip.cpp:38:26: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
uint16_t n = ((uint16_t)fgetc(fp));
data/virtualjaguar-2.1.3/src/unzip.cpp:39:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n |= ((uint16_t)fgetc(fp)) << 8;
ANALYSIS SUMMARY:
Hits = 409
Lines analyzed = 73900 in approximately 9.69 seconds (7623 lines/second)
Physical Source Lines of Code (SLOC) = 56129
Hits@level = [0] 802 [1] 26 [2] 314 [3] 2 [4] 67 [5] 0
Hits@level+ = [0+] 1211 [1+] 409 [2+] 383 [3+] 69 [4+] 67 [5+] 0
Hits/KSLOC@level+ = [0+] 21.5753 [1+] 7.28679 [2+] 6.82357 [3+] 1.22931 [4+] 1.19368 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.