Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/assaultcube-1.2.0.2.1/source/enet/callbacks.c
Examining data/assaultcube-1.2.0.2.1/source/enet/compress.c
Examining data/assaultcube-1.2.0.2.1/source/enet/host.c
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/callbacks.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/enet.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/list.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/protocol.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/time.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/types.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/unix.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/utility.h
Examining data/assaultcube-1.2.0.2.1/source/enet/include/enet/win32.h
Examining data/assaultcube-1.2.0.2.1/source/enet/list.c
Examining data/assaultcube-1.2.0.2.1/source/enet/packet.c
Examining data/assaultcube-1.2.0.2.1/source/enet/peer.c
Examining data/assaultcube-1.2.0.2.1/source/enet/protocol.c
Parsing failed to find end of parameter list; semicolon terminated it in (
#else
fprintf (stderr,
#endif
"peer %u: %f%%+-%f%% packet loss, %u+-%u ms round trip time, %f%% throttle, %u/%u outgoing, %u/%u incoming\n", currentPeer -> incomingPe
Parsing failed to find end of parameter list; semicolon terminated it in (
#else
fprintf (stderr,
#endif
"peer %u: compressed %u -> %u (%u%%)\n", currentPeer -> incomingPeerID, originalSize, compressedSize, (compressedSize * 100) / originalS
Examining data/assaultcube-1.2.0.2.1/source/enet/unix.c
Examining data/assaultcube-1.2.0.2.1/source/enet/win32.c
Examining data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/bot/ac_bot.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/bot/ac_bot.h
Examining data/assaultcube-1.2.0.2.1/source/src/bot/ac_bot_ai.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/bot/bot.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/bot/bot.h
Examining data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/bot/bot_util.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/bot/bot_util.h
Examining data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.h
Examining data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/client.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/command.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/command.h
Examining data/assaultcube-1.2.0.2.1/source/src/console.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/console.h
Examining data/assaultcube-1.2.0.2.1/source/src/crypto.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h
Examining data/assaultcube-1.2.0.2.1/source/src/cube.h
Examining data/assaultcube-1.2.0.2.1/source/src/docs.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/editing.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/entities.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/entity.h
Examining data/assaultcube-1.2.0.2.1/source/src/geom.h
Examining data/assaultcube-1.2.0.2.1/source/src/http.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/hudgun.h
Examining data/assaultcube-1.2.0.2.1/source/src/jpegenc.h
Examining data/assaultcube-1.2.0.2.1/source/src/log.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/main.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/master.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/md2.h
Examining data/assaultcube-1.2.0.2.1/source/src/md3.h
Examining data/assaultcube-1.2.0.2.1/source/src/menus.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/model.h
Examining data/assaultcube-1.2.0.2.1/source/src/modelcache.h
Examining data/assaultcube-1.2.0.2.1/source/src/oggstream.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/openal.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/packetqueue.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/pch.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/physics.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/platform.h
Examining data/assaultcube-1.2.0.2.1/source/src/protocol.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/protocol.h
Examining data/assaultcube-1.2.0.2.1/source/src/protos.h
Examining data/assaultcube-1.2.0.2.1/source/src/rendercubes.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/rendergl.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/renderhud.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/renderparticles.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/rndmap.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/scale.h
Examining data/assaultcube-1.2.0.2.1/source/src/scoreboard.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/server.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/server.h
Examining data/assaultcube-1.2.0.2.1/source/src/serveractions.h
Examining data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/serverchecks.h
Examining data/assaultcube-1.2.0.2.1/source/src/servercontroller.h
Examining data/assaultcube-1.2.0.2.1/source/src/serverevents.h
Examining data/assaultcube-1.2.0.2.1/source/src/serverfiles.h
Examining data/assaultcube-1.2.0.2.1/source/src/serverms.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/shadow.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/sound.h
Examining data/assaultcube-1.2.0.2.1/source/src/soundlocation.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/soundscheduler.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/stream.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/texture.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/tools.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/tools.h
Examining data/assaultcube-1.2.0.2.1/source/src/tristrip.h
Examining data/assaultcube-1.2.0.2.1/source/src/varray.h
Examining data/assaultcube-1.2.0.2.1/source/src/vertmodel.h
Examining data/assaultcube-1.2.0.2.1/source/src/vote.h
Examining data/assaultcube-1.2.0.2.1/source/src/water.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/weapon.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/weapon.h
Examining data/assaultcube-1.2.0.2.1/source/src/winserviceinstaller.h
Examining data/assaultcube-1.2.0.2.1/source/src/wizard.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/world.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/world.h
Examining data/assaultcube-1.2.0.2.1/source/src/worldio.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/worldlight.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/worldocull.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/worldrender.cpp
Examining data/assaultcube-1.2.0.2.1/source/src/zip.cpp
FINAL RESULTS:
data/assaultcube-1.2.0.2.1/source/enet/protocol.c:1625:12: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (
data/assaultcube-1.2.0.2.1/source/enet/protocol.c:1627:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/assaultcube-1.2.0.2.1/source/enet/protocol.c:1675:12: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (
data/assaultcube-1.2.0.2.1/source/enet/protocol.c:1677:12: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf (stderr,
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:449:83: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(s->priority > -1000 && s->resolved && s->ping && (rev = s->updates.access(pck->requestname)) && *rev > maxrev)
data/assaultcube-1.2.0.2.1/source/src/bot/bot.h:319:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(m_szName, name); strcpy(m_szTeam, team); };
data/assaultcube-1.2.0.2.1/source/src/bot/bot.h:319:37: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
{ strcpy(m_szName, name); strcpy(m_szTeam, team); };
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:96:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szWPFileName, m_szMapName);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:304:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mapname, m_szMapName);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:382:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szWPFileName, m_szMapName);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:497:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mapname, m_szMapName);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:596:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szWPInfo, sz);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.h:126:41: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
void SetMapName(const char *map) { strcpy(m_szMapName, map); };
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:436:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szOutput, szDir1);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:437:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szOutput, DirSeperator);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:442:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szOutput, szDir2);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:443:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szOutput, DirSeperator);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:446:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(szOutput, szFileName);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:102:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(r, subst);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:108:63: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(MAXTRANS - strlen(result) > strlen(text) - (l - temp)) strcat(result, text + (l - temp));
data/assaultcube-1.2.0.2.1/source/src/command.cpp:72:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:76:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
id = &idents->access(init.name, init);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:101:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:125:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:140:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *b = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:146:17: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
idents->access(b.name, b);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:173:65: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
COMMANDF(isconst, "s", (const char *name) { ident *id = idents->access(name); intret(id && id->isconst ? 1 : 0); });
data/assaultcube-1.2.0.2.1/source/src/command.cpp:181:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
idents->access(name, v);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:189:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
idents->access(name, v);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:197:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
idents->access(name, v);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:202:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name); \
data/assaultcube-1.2.0.2.1/source/src/command.cpp:224:53: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
bool identexists(const char *name) { return idents->access(name)!=NULL; }
data/assaultcube-1.2.0.2.1/source/src/command.cpp:228:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *i = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:235:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:262:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:292:13: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
idents->access(name, c);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:391:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(n);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:520:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(c);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:787:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
completeval **val = completedata.access(key);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:806:45: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
completeval **hascomplete = completions.access(command);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:860:49: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
completeval **hascomplete = completions.access(command);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1336:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1378:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(name);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1598:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(doc) f->printf(id.type == ID_SVAR ? " // %s" : ", %s", doc);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1709:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(idname);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:175:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return keyms.access(code);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:190:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return keyms.access(sc);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:595:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
keym *haskey = keyms.access(keycode);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:596:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!haskey && !(keycode & SDLK_SCANCODE_MASK) && scancode) haskey = keyms.access(scancode | SDLK_SCANCODE_MASK); // keycode not found: maybe we know the scancode
data/assaultcube-1.2.0.2.1/source/src/console.cpp:931:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
else f->printf(keymaptab[i].keycode < SDLK_SCANCODE_MASK ? "%skeymap %d %s\n" : "%skeymap (sc %d) %s\n", c, keymaptab[i].keycode & (keymaptab[i].keycode > 0 ? (SDLK_SCANCODE_MASK-1) : -1), keymaptab[i].keyname);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1254:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curbuf, key);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1257:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curbuf, val);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1260:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(curbuf, com);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1280:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(signedmsg, "%s%s\n", certheader, bin2hex(hextemp, msgbuf, 64)); // header line
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1367:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(c->pubkey && certblacklist.access(c->pubkey))
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:147:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
docident *id = docidents.access(name);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:168:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
docident *id = docidents.access(name);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:229:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
docident &i = *docidents.access(inames[j]);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:258:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
docident *d = docidents.access(name);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:330:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(inames[i]);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:347:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(inames[i]);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:366:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *id = idents->access(inames[i]);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:468:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
curident = docidents.access(buf); // get doc entry
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:473:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ident *csident = idents->access(buf); // check for cs ident
data/assaultcube-1.2.0.2.1/source/src/master.cpp:180:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logfile, fmt, args);
data/assaultcube-1.2.0.2.1/source/src/master.cpp:188:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(logfile, fmt, args);
data/assaultcube-1.2.0.2.1/source/src/master.cpp:496:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
userinfo *u = users.access(name);
data/assaultcube-1.2.0.2.1/source/src/md2.h:54:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int *idx = tchash.access(tckey);
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:40:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
gmenu *m = menus.access(name);
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:66:15: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
m = menus.access(name);
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:787:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
gmenu *m = menus.access(name);
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:827:22: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
gmenu *m = menus.access(name);
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:864:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
gmenu *m = *menu ? menus.access(menu) : lastmenu;
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:922:24: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!menu || !menus.access(menu)) return;
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1016:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
gmenu *m = *menu ? menus.access(menu) : lastmenu;
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1054:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
gmenu *m = *menu ? menus.access(menu) : NULL;
data/assaultcube-1.2.0.2.1/source/src/openal.cpp:368:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
sbuffer *b = access(name);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:320:44: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mapmodelattributes **mrp = mdlregistry.access(name), *mr = mrp ? *mrp : NULL, *r = mr;
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:336:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!mr) mdlregistry.access(r->name, r);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:375:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(mdlnotfound.access(name)) return NULL; // already tried to find that earlier -> not available
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:376:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
model **mm = mdllookup.access(name);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:398:33: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mdlnotfound.access(newstring(name), 0); // do not search for this name again
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:405:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mdllookup.access(m->name(), m);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:433:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mapmodelattributes **ap = mdlregistry.access(name), *a = ap ? *ap : NULL;
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:460:51: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
mapmodelattributes **ap = mdlregistry.access(name), *a = ap ? *ap : NULL;
data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp:19:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
font *f = fonts.access(name);
data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp:65:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
font *f = fonts.access(name);
data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp:76:18: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return fonts.access(name);
data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp:473:34: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(mnem && *mnem && !igraphs.access(mnem))
data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp:504:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(igraphsi.access(files[i])) delstring(files[i]);
data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp:518:26: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
igraph *ig = igraphs.access(mnem);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:747:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(hdr.desc, desc);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:754:74: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strlen(hdr.plist) + strlen(ci->name) < DHDR_PLISTCHARS - 2) { strcat(hdr.plist, bl); strcat(hdr.plist, ci->name); }
data/assaultcube-1.2.0.2.1/source/src/server.cpp:754:97: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(strlen(hdr.plist) + strlen(ci->name) < DHDR_PLISTCHARS - 2) { strcat(hdr.plist, bl); strcat(hdr.plist, ci->name); }
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3564:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(vi->text,c->mapname);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:4266:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if(sscanf(cmd, "chalauth %u %s", &id, val) == 2) authchallenged(id, val);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:4268:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
else if(sscanf(cmd, "addgban %s", val) == 1) addgban(val);
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:528:25: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(si->lang, text);
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:869:13: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(nkeys, k);
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:1197:21: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(newkey, text);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1016:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int *i = whitelist.access(s);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1017:43: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!i) i = &whitelist.access(newstring(s), -1);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1095:30: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
int *idx = whitelist.access(c.name);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1205:31: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (num < 100 && (n = sscanf(s,"%s %s",s1,s2)) > 0 ) // no warnings
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:119:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(access(path, R_OK | (mode[0]=='w' || mode[0]=='a' ? W_OK : 0)) == -1) exists = false;
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:593:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int printf(const char *fmt, ...)
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:597:22: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int result = vfprintf(file, fmt, v);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:941:9: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int printf(const char *fmt, ...) // limited to MAXSTRLEN
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:410:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
Texture *t = textures.access(pname);
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:1047:27: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
revp = ht.access(l);
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:1049:25: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
else ht.access(newstring(l), rev);
data/assaultcube-1.2.0.2.1/source/src/tools.h:102:20: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsnprintf vsnprintf
data/assaultcube-1.2.0.2.1/source/src/tools.h:108:53: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define PRINTFARGS(fmt, args) __attribute__((format(printf, fmt, args)))
data/assaultcube-1.2.0.2.1/source/src/tools.h:638:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
T *access(const K &key)
data/assaultcube-1.2.0.2.1/source/src/tools.h:643:8: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
T &access(const K &key, const T &data)
data/assaultcube-1.2.0.2.1/source/src/tools.h:797:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
#define ftoa(s, f) sprintf(s, (f) == int(f) ? "%.1f" : "%.7g", f)
data/assaultcube-1.2.0.2.1/source/src/tools.h:908:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
virtual int printf(const char *fmt, ...) PRINTFARGS(2, 3) { return -1; }
data/assaultcube-1.2.0.2.1/source/src/tristrip.h:88:23: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
edges.access(e, i);
data/assaultcube-1.2.0.2.1/source/src/tristrip.h:100:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
ushort *owner = edges.access(e);
data/assaultcube-1.2.0.2.1/source/src/vertmodel.h:246:58: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
loopi(numverts) shareverts[i] = (ushort)idxs.access(verts[i], i);
data/assaultcube-1.2.0.2.1/source/src/vertmodel.h:267:40: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
uint &edge = edges.access(e1 | (e2<<16), ~0U);
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:184:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(argstr.getbuf());
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:953:38: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(!mapinfo.numelems || (mapinfo.access(mname) && !cmpf(cgzname, mapinfo[mname]))) world = (sqr *)ents.getbuf();
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:439:39: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if(zf->fullname) zipfiles.access(zf->fullname, zf);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:458:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
memfile *mf = memfiles.access(name);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:763:21: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return zipfiles.access(name) != NULL || memfiles.access(name) != NULL;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:763:54: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
return zipfiles.access(name) != NULL || memfiles.access(name) != NULL;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:770:28: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
memfile *mf = memfiles.access(name);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:772:29: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
zipfile **zf = zipfiles.access(name);
data/assaultcube-1.2.0.2.1/source/enet/packet.c:41:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (packet -> data, data, dataLength);
data/assaultcube-1.2.0.2.1/source/enet/packet.c:91:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (newData, packet -> data, packet -> dataLength);
data/assaultcube-1.2.0.2.1/source/enet/protocol.c:609:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (startCommand -> packet -> data + fragmentOffset,
data/assaultcube-1.2.0.2.1/source/enet/protocol.c:731:8: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (startCommand -> packet -> data + fragmentOffset,
data/assaultcube-1.2.0.2.1/source/enet/protocol.c:1014:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (host -> packetData [1], header, headerSize);
data/assaultcube-1.2.0.2.1/source/enet/unix.c:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [2048];
data/assaultcube-1.2.0.2.1/source/enet/unix.c:149:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer [2048];
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:100:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(gamemusic->open(name))
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:131:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(gamemusic->open(name))
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:162:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(gamemusic->open(name))
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:831:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *soundcategories[SC_NUM + 1] = { "PAIN", "OWNPAIN", "WEAPON", "PICKUP", "MOVEMENT", "BULLET", "OTHER", "VOICECOM", "TEAM", "PUBLIC", "FFA", "FLAGONLY", "" };
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:48:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(*priority) s->priority = atoi(priority);
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:83:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(*u.port) h.set_port(atoi(u.port));
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:385:32: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(*u.port) h.set_port(atoi(u.port));
data/assaultcube-1.2.0.2.1/source/src/bot/ac_bot_ai.cpp:327:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[64];
data/assaultcube-1.2.0.2.1/source/src/bot/ac_bot_ai.cpp:328:29: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sz, "Ent z diff: %f", o.z-m_pMyEnt->o.z);
data/assaultcube-1.2.0.2.1/source/src/bot/bot.h:314:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_szName[32];
data/assaultcube-1.2.0.2.1/source/src/bot/bot.h:315:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_szTeam[32];
data/assaultcube-1.2.0.2.1/source/src/bot/bot.h:326:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_szBotNames[150][16]; // Max 150 bot names with a length of 16 characters
data/assaultcube-1.2.0.2.1/source/src/bot/bot.h:328:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_szBotTeams[20][5]; // Max 100 bot teams co a length of 5 characters
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:582:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:583:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sz, "OldPos z diff: %f", m_vHuntLocation.z-m_pMyEnt->o.z);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:687:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:688:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sz, "shootdelay: %d\n", (m_iShootDelay-lastmillis));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:990:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:991:25: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sz, "Ent z diff: %f", v.z-m_pMyEnt->o.z);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:1251:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_ai.cpp:1252:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "stuck (%f)", GetDistance(m_vPrevOrigin));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_util.cpp:348:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(szFileName, "r");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:89:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szWPFileName[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:90:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:97:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szWPFileName, ".wpt");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:286:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:287:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:292:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(header.szFileType, "cube_bot");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:305:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mapname, ".wpt");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:372:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szWPFileName[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:373:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:383:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szWPFileName, ".exp");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:387:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bfp = fopen(filename, "rb");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:480:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:481:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[64];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:485:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(header.szFileType, "cube_bot");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:498:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(mapname, ".exp");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:502:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *bfp = fopen(filename, "wb");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:581:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szWPInfo[256];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:582:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szWPInfo, "Distance nearest waypoint: %f", GetDistance(player1->o, nearestwp->v_origin));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:585:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szWPInfo, "Flags: ");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:587:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szWPInfo, "Teleport ");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:589:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szWPInfo, "Teleport destination ");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:591:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szWPInfo, "Jump ");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:594:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[32];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:595:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sz, "Trigger(nr %d) ", nearestwp->sTriggerNr);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:599:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szWPInfo, "In tagged cube(s) ");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:601:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(szWPInfo, "None");
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:608:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szWPInfo, "Waypoint has %d connections",
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.h:34:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szFileType[10];
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMapName[32]; // name of map for these waypoints
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.h:100:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_szMapName[32];
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:89:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_szBotNames[i], "Bot");
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:94:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNameFileName[256];
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:96:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(szNameFileName, "r");
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:97:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNameBuffer[256];
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:185:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_szBotTeams[i], "b0ts");
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNameFileName[256];
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:192:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp = fopen(szNameFileName, "r");
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:193:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNameBuffer[256];
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:305:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
CStoredBot *pStoredBot = new CStoredBot(bots[i]->name, (char *) team_string(bots[i]->team),
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:428:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szOutput, "bot\\");
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:431:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(szOutput, "bot/");
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:455:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char SkillFileName[256] = "";
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:462:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pSkillFile = fopen(SkillFileName, "r");
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:473:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd_line[256];
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:751:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *SkillNames[5] = { "best", "good", "medium", "worse", "bad" };
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:947:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(arg1);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:1212:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sz[250];
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:1213:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sz, "dist: %f; hit: %d", GetDistance(from, tr.end), tr.collided);
data/assaultcube-1.2.0.2.1/source/src/client.cpp:335:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int version = atoi(text);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:87:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char result[MAXTRANS + 10];
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:389:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hn[1024];
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1372:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int cn = atoi(arg1);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1384:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int team = atoi(arg2);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1391:47: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
formatstring(out)(msg, mmfullname(atoi(arg1)));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1395:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
formatstring(out)(msg, atoi(arg1) == 0 ? "disable" : "enable");
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1399:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int n = atoi(arg2);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1403:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int time = atoi(arg3);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1456:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
putint(p, atoi(arg1));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1461:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
putint(p, atoi(arg2));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1462:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
putint(p, atoi(arg3));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1474:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
putint(p, atoi(arg1));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1475:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
putint(p, atoi(arg2));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1482:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
putint(p, atoi(arg1));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1520:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int team = atoi(arg2);
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:393:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[MAXTRANS];
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:885:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->ammo, ammo, sizeof(ammo));
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:886:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->mag, mag, sizeof(mag));
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:1483:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 1: gmode = atoi(pch); break;
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:1484:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 2: mplay = atoi(pch); break;
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:1485:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 3: mdrop = atoi(pch); break;
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:1486:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 4: stamp = atoi(pch); break;
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:1499:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[MAXTRANS];
data/assaultcube-1.2.0.2.1/source/src/command.cpp:461:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[2 * MAXSTRLEN];
data/assaultcube-1.2.0.2.1/source/src/command.cpp:490:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *w[MAXWORDS], emptychar = '\0';
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1665:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *contextnames[IEXC_NUM + 1] = { "CORE", "CFG", "PROMPT", "MAPCFG", "MDLCFG", "" };
data/assaultcube-1.2.0.2.1/source/src/console.cpp:146:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *keycmds[keym::NUMACTIONS] = { "bind", "editbind", "specbind" };
data/assaultcube-1.2.0.2.1/source/src/console.cpp:637:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[pos], txt, txtlen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:134:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->u + b->len, msg, fill);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:149:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->u + b->len, msg, len);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:181:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b->u, str, i);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:273:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(endmsg, msg, msglen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:473:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempbuf, entpool, len);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:474:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(entpool + ENTPOOLSIZE, entpool, 128);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:477:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, tempbuf, len);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:496:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp, salt, saltlen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:497:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp + saltlen, pass, passlen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:498:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp + saltlen + passlen, pass, passlen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:499:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pp + saltlen + 2 * passlen, salt, saltlen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:535:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(key, tmpbuf, min(keylen, tmpbuflen)); // max keylen is 2 * SHA512SIZE
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:574:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char az[64];
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:604:18: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(privpriv) memcpy(privpriv, temp + minescpos, 32);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:720:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk, priv, 32);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:721:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sk + 32, pub, 32);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:774:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hextemp[2 * preprivmaxlen + 1];
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:806:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
preprivpwdcfg = numargs > 3 ? atoi(args[3]) : 0;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:813:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
privpwdcfg = numargs > 3 ? atoi(args[3]) : 0;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:858:48: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
preprivlen = clamp((numargs > 1) ? atoi(args[1]) : 42, preprivminlen, preprivmaxlen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:945:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(priv + 32, pub, 32);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1128:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(workmsg, orgmsg, orglen + 1);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1161:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
signeddate = atoi(line.val);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1193:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(orgmsg, workmsg, certheaderlenfull); // restore original message
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1270:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hextemp[129];
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1281:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(signedmsg + certheaderlenfull, msgbuf + 64, len); // body
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1309:56: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(numargs > 1 && ((getauthkey(args[1]) && memcpy(keypair, getauthkey(args[1]), 32)) || (strlen(args[1]) == 64 && hex2bin(keypair, args[1], 32) == 32)))
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:29:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_unpack(fe25519 *r, const unsigned char x[32]);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:30:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_pack(unsigned char r[32], const fe25519 *x);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:131:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_unpack(fe25519 *r, const unsigned char x[32])
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:139:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void fe25519_pack(unsigned char r[32], const fe25519 *x)
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:384:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from32bytes(sc25519 *r, const unsigned char x[32]);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:385:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16]);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:386:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from64bytes(sc25519 *r, const unsigned char x[64]);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:388:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_to32bytes(unsigned char r[32], const sc25519 *x);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:400:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window3(signed char r[85], const sc25519 *s);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:405:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window5(signed char r[51], const sc25519 *s);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:406:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:433:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char t[32];
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:499:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from32bytes(sc25519 *r, const unsigned char x[32])
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:508:63: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void shortsc25519_from16bytes(shortsc25519 *r, const unsigned char x[16])
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:514:53: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_from64bytes(sc25519 *r, const unsigned char x[64])
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:531:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_to32bytes(unsigned char r[32], const sc25519 *x)
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:618:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window3(signed char r[85], const sc25519 *s)
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:655:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_window5(signed char r[51], const sc25519 *s)
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:692:36: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void sc25519_2interleave2(unsigned char r[127], const sc25519 *s1, const sc25519 *s2)
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:718:58: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ge25519_unpackneg_vartime(ge25519 *r, const unsigned char p[32]);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:719:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_pack(unsigned char r[32], const ge25519 *p);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:920:61: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int ge25519_unpackneg_vartime(ge25519_p3 *r, const unsigned char p[32])
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:967:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
void ge25519_pack(unsigned char r[32], const ge25519_p3 *p)
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:990:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[127];
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:1040:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char b[85];
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:105:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
a.vararg = vararg && atoi(vararg) == 1 ? true : false;
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:278:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct spchar { char c; char repl[8]; } const spchars[] = { {'&', "&"}, {'<', "<"}, {'>', "gt;"}, {'"', """}, {'\'', "'"}};
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:292:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dc, spchars[i].repl, rlen);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:297:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(!specialc) memcpy(dc++, sc, 1);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:397:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int docs_parsecmd(const char *p, const char *pos, const char *w[MAXWORDS], int wl[MAXWORDS], bool outer, int *unmatched)
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:397:40: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int docs_parsecmd(const char *p, const char *pos, const char *w[MAXWORDS], int wl[MAXWORDS], bool outer, int *unmatched)
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:397:57: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int docs_parsecmd(const char *p, const char *pos, const char *w[MAXWORDS], int wl[MAXWORDS], bool outer, int *unmatched)
data/assaultcube-1.2.0.2.1/source/src/editing.cpp:420:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(*yaw) player1->yaw = (atoi(yaw) % 360 + 360) % 360;
data/assaultcube-1.2.0.2.1/source/src/editing.cpp:421:33: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(*pitch) player1->pitch = atoi(pitch) % 90;
data/assaultcube-1.2.0.2.1/source/src/editing.cpp:452:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(b + 1, p->buf, p->maxlen);
data/assaultcube-1.2.0.2.1/source/src/entity.h:86:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct guninfo { char modelname[23], title[42]; short sound, reload, reloadtime, attackdelay, damage, piercing, projspeed, part, spread, recoil, magsize, mdl_kick_rot, mdl_kick_back, recoilincrease, recoilbase, maxrecoil, recoilbackfade, pushfactor; bool isauto; };
data/assaultcube-1.2.0.2.1/source/src/entity.h:99:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *killmessages[2][NUMGUNS];
data/assaultcube-1.2.0.2.1/source/src/http.cpp:235:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
response = p ? atoi(p + 1) : -1;
data/assaultcube-1.2.0.2.1/source/src/http.cpp:271:105: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((f = strstr(u, "CONTENT-LENGTH: ")) && (f = strchr(f, ' '))) contentlength = atoi(f + 1);
data/assaultcube-1.2.0.2.1/source/src/http.cpp:272:158: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((f = strstr(u, "CONTENT-RANGE: ")) && (n = strchr(f, LF)) && (f = strstr(f, "BYTES ")) && (f = strchr(f, ' ')) && f < n) offset = atoi(f + 1);
data/assaultcube-1.2.0.2.1/source/src/log.cpp:56:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filepath, "w");
data/assaultcube-1.2.0.2.1/source/src/main.cpp:339:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &tmpdst[tmpdstpitch * i], image->pitch);
data/assaultcube-1.2.0.2.1/source/src/main.cpp:358:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, &tmpdst[tmpdstpitch * (i + crop_h) + crop_w], image->pitch);
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1208:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 't': fullscreen = atoi(a); break;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1209:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'w': scr_w = atoi(a); break;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1210:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'h': scr_h = atoi(a); break;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1211:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'z': depthbits = atoi(a); break;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1212:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 's': stencilbits = atoi(&argv[i][2]); break;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1213:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'a': fsaa = atoi(a); break;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1214:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'v': vsync = atoi(a); break;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1403:35: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
clientloglinesremaining = atoi(scl.logident); // dual-use for scl.logident
data/assaultcube-1.2.0.2.1/source/src/master.cpp:91:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
buf += sprintf(buf, "%d", ip.b[i]);
data/assaultcube-1.2.0.2.1/source/src/master.cpp:156:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[INPUT_LIMIT];
data/assaultcube-1.2.0.2.1/source/src/master.cpp:714:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(argc>=3 && argv[2][0]) port = atoi(argv[2]);
data/assaultcube-1.2.0.2.1/source/src/master.cpp:720:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(logname, "a");
data/assaultcube-1.2.0.2.1/source/src/md2.h:28:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/assaultcube-1.2.0.2.1/source/src/md2.h:117:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m.tcverts, tcgen.getbuf(), m.numverts*sizeof(tcvert));
data/assaultcube-1.2.0.2.1/source/src/md2.h:120:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(m.tris, trigen.getbuf(), m.numtris*sizeof(tri));
data/assaultcube-1.2.0.2.1/source/src/md3.h:9:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/assaultcube-1.2.0.2.1/source/src/md3.h:27:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/assaultcube-1.2.0.2.1/source/src/md3.h:29:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/assaultcube-1.2.0.2.1/source/src/md3.h:37:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/assaultcube-1.2.0.2.1/source/src/md3.h:38:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/assaultcube-1.2.0.2.1/source/src/md3.h:84:21: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tags[i].transform, tag.rotation, sizeof(tag.rotation));
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:29:41: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(setcurmenu((gmenu *)m)) curmenu->open();
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:750:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
checked = (r && atoi(r) > 0);
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1068:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col->r = ((float) atoi(r)) / 100; // red green blue
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1069:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col->g = ((float) atoi(g)) / 100; // red green blue alpha
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1070:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col->b = ((float) atoi(b)) / 100;
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1071:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
col->alpha = a[0] ? ((float) atoi(a)) / 100 : 1.0;
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1270:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void gmenu::open()
data/assaultcube-1.2.0.2.1/source/src/model.h:78:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *n[MMA_NUM];
data/assaultcube-1.2.0.2.1/source/src/oggstream.cpp:107:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool oggstream::open(const char *f)
data/assaultcube-1.2.0.2.1/source/src/oggstream.cpp:156:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pcm[BUFSIZE];
data/assaultcube-1.2.0.2.1/source/src/openal.cpp:290:25: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[BUFSIZE];
data/assaultcube-1.2.0.2.1/source/src/protocol.cpp:185:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, &p.buf[p.len], size);
data/assaultcube-1.2.0.2.1/source/src/protocol.h:56:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *messagenames[SV_NUM];
data/assaultcube-1.2.0.2.1/source/src/protos.h:150:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *name, *actions[NUMACTIONS];
data/assaultcube-1.2.0.2.1/source/src/protos.h:263:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open();
data/assaultcube-1.2.0.2.1/source/src/protos.h:296:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lang[3];
data/assaultcube-1.2.0.2.1/source/src/protos.h:301:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char uplinkstats[MAXCLIENTS + 1];
data/assaultcube-1.2.0.2.1/source/src/protos.h:615:60: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct discscore { int team, flags, frags, deaths, points; char name[MAXNAMELEN + 1]; };
data/assaultcube-1.2.0.2.1/source/src/protos.h:844:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char *particletypenames[MAXPARTYPES + 1];
data/assaultcube-1.2.0.2.1/source/src/protos.h:1091:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char magic[16];
data/assaultcube-1.2.0.2.1/source/src/protos.h:1093:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[DHDR_DESCCHARS];
data/assaultcube-1.2.0.2.1/source/src/protos.h:1094:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char plist[DHDR_PLISTCHARS];
data/assaultcube-1.2.0.2.1/source/src/protos.h:1154:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ai = atoi(a);
data/assaultcube-1.2.0.2.1/source/src/protos.h:1169:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ai = atoi(arg+16);
data/assaultcube-1.2.0.2.1/source/src/protos.h:1174:34: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int ai = atoi(arg+13);
data/assaultcube-1.2.0.2.1/source/src/protos.h:1190:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'F': filethres = atoi(a + 1); break;
data/assaultcube-1.2.0.2.1/source/src/protos.h:1191:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
case 'S': syslogthres = atoi(a + 1); break;
data/assaultcube-1.2.0.2.1/source/src/protos.h:1200:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((ai = atoi(&arg[3])) >= 30) afk_limit = ai * 1000;
data/assaultcube-1.2.0.2.1/source/src/protos.h:1205:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if ((ai = atoi(&arg[3])) >= 0) ban_time = ai * 60 * 1000;
data/assaultcube-1.2.0.2.1/source/src/rendergl.cpp:460:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pxfixed[0], &pxfixed[1], 1);
data/assaultcube-1.2.0.2.1/source/src/renderhud.cpp:164:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *crosshairnames[CROSSHAIR_NUM + 1]; // filled in main.cpp
data/assaultcube-1.2.0.2.1/source/src/renderhud.cpp:190:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *oldcrosshairnames[CROSSHAIR_NUM + 1] = { "default", "teammate", "scope", "knife", "pistol", "carbine", "shotgun", "smg", "sniper", "ar", "cpistol", "grenades", "akimbo", "" };
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:899:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path+strlen(path)-3, "png");
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:905:17: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(path+strlen(path)-3, "png");
data/assaultcube-1.2.0.2.1/source/src/renderparticles.cpp:249:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *particletypenames[MAXPARTYPES + 1] = { "SPARK", "SMOKE", "ECLOSEST", "BLOOD", "DEMOTRACK", "FIREBALL", "SHOTLINE", "BULLETHOLE", "BLOODSTAIN", "SCORCH", // 0..9
data/assaultcube-1.2.0.2.1/source/src/rendertext.cpp:395:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char colorstack[10];
data/assaultcube-1.2.0.2.1/source/src/server.cpp:2218:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAXTRANS];
data/assaultcube-1.2.0.2.1/source/src/server.cpp:2758:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[MAXTRANS];
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3710:45: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
changematchteamsize(atoi(text));
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3876:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char chokelog[MAXCLIENTS + 1] = { 0 };
data/assaultcube-1.2.0.2.1/source/src/server.cpp:4068:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hn[1024];
data/assaultcube-1.2.0.2.1/source/src/server.cpp:4130:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lang[3];
data/assaultcube-1.2.0.2.1/source/src/server.h:234:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lang[3];
data/assaultcube-1.2.0.2.1/source/src/server.h:419:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *messagenames[SV_NUM] =
data/assaultcube-1.2.0.2.1/source/src/server.h:542:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *gunnames[NUMGUNS + 1];
data/assaultcube-1.2.0.2.1/source/src/server.h:547:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *killmessages[2][NUMGUNS] =
data/assaultcube-1.2.0.2.1/source/src/serveractions.h:118:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(mode != atoi(h + 1)) continue;
data/assaultcube-1.2.0.2.1/source/src/serveractions.h:122:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if(mode == atoi(h+1))
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:453:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[MAXTRANS];
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:780:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char alx[FC_NUM];
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:820:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return si.map[0] && si.mode == atoi(key + 1);
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:826:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return si.ping > atoi(key + 1);
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:907:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *alx[FC_NUM], *sep = " \t\n\r";
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:913:93: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loopi(FC_NUM) { alx[i] = getalias(favcatargname(favcats[j], i)); alxn[i] = alx[i] ? atoi(alx[i]) : 0; }
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:1137:22: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *titles[NUMSERVSORT] =
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:43:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maptitle[129];
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:88:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cfgrawgz, staticbuffer, cfggzlen);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:110:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maptitle, h->maptitle, 128);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:226:34: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
loopi(n) memcpy(ss++, tt, sizeof(servsqr));
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:231:25: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ss, tt, sizeof(servsqr));
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:353:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(layoutgz, staticbuffer + layoutlen, layoutgzlen);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:574:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, cgzdata, cgzsize);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:575:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + cgzsize, gzbuf, cfgsizegz);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:597:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, ndata, datasize);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:602:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "wb");
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:609:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "wb");
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:836:74: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((l = strtok_r(NULL, sep, &b)) != NULL) c.par[i] = atoi(l);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1190:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entries[100][2][FORBIDDENSIZE+1]; // 100 entries and 2 words per entry is more than enough
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1295:72: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((l = strtok_r(NULL, sep, &b)) != NULL) par[i] = atoi(l);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1354:47: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
struct serverinfotext { const char *type; char lang[3]; char *info; int lastcheck; };
data/assaultcube-1.2.0.2.1/source/src/serverms.cpp:172:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servername[30]; memset(servername,'\0',30); filtertext(servername, global_name, FTXT__GLOBALNAME, 20);
data/assaultcube-1.2.0.2.1/source/src/sound.h:240:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char *f);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:547:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(const char *name, const char *mode)
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:550:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name, mode);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:570:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(name, mode);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:572:16: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
file = tmpfile();
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:704:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(stream *f, const char *mode, bool needclose, int level)
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:923:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data->getbuf() + pointer, got);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:934:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data->getbuf() + pointer, buf, len);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:1002:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, data + pointer, got);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:1026:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!file->open(filename, mode))
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:1067:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!gz->open(source, mode, !file, level)) { if(!file) delete source; delete gz; return NULL; }
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:1102:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname1[MAXSTRLEN * 2], fname2[MAXSTRLEN] = "";
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:910:33: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if(n > exts_n[0]) ((char *)b)[n - exts_n[0]] = '\0';
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:313:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char res[LARGEST_FACTOR + 1];
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:454:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(maplayout, testlayout, layoutsize * sizeof(char));
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:1039:43: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if((m = strchr(l, ' ')) && (rev = atoi(m + 1))) // string has a space and a number != 0 after it
data/assaultcube-1.2.0.2.1/source/src/tools.h:117:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char string[MAXSTRLEN];
data/assaultcube-1.2.0.2.1/source/src/tools.h:148:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char uc[4];
data/assaultcube-1.2.0.2.1/source/src/tools.h:218:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf[len], vals, min(maxlen-len, numvals)*sizeof(T));
data/assaultcube-1.2.0.2.1/source/src/tools.h:226:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(vals, &buf[len], read*sizeof(T));
data/assaultcube-1.2.0.2.1/source/src/tools.h:436:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(newbuf, buf, olen*sizeof(T));
data/assaultcube-1.2.0.2.1/source/src/tools.h:761:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data + in, e, n1 * sizeof(T));
data/assaultcube-1.2.0.2.1/source/src/tools.h:762:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(n2) memcpy(data, e + n1, n2 * sizeof(T));
data/assaultcube-1.2.0.2.1/source/src/tools.h:796:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
#define itoa(s, i) sprintf(s, "%d", i)
data/assaultcube-1.2.0.2.1/source/src/tools.h:880:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ip, &big, 4);\
data/assaultcube-1.2.0.2.1/source/src/tools.h:882:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
else memcpy(&ip, &address, 4);\
data/assaultcube-1.2.0.2.1/source/src/vertmodel.h:175:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dynidx, idxs.getbuf(), idxs.length()*sizeof(ushort));
data/assaultcube-1.2.0.2.1/source/src/vertmodel.h:178:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dyndraws, draws.getbuf(), draws.length()*sizeof(drawcall));
data/assaultcube-1.2.0.2.1/source/src/vertmodel.h:724:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ntags[(numtags + 1)*i], &tags[numtags*i], numtags*sizeof(tag));
data/assaultcube-1.2.0.2.1/source/src/weapon.cpp:1343:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gunstats[64];
data/assaultcube-1.2.0.2.1/source/src/weapon.cpp:1344:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(gunstats, "%d", mag);
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:106:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *script = fopen(outfile, "w");
data/assaultcube-1.2.0.2.1/source/src/world.cpp:937:32: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
sqr *worldbackup = (sqr *) memcpy(new sqr[ssize*ssize], world, ssize*ssize*sizeof(sqr));
data/assaultcube-1.2.0.2.1/source/src/world.cpp:941:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(world, worldbackup, ssize*ssize*sizeof(sqr));
data/assaultcube-1.2.0.2.1/source/src/world.h:70:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char head[4]; // "CUBE"
data/assaultcube-1.2.0.2.1/source/src/world.h:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maptitle[128];
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:191:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
loopi(n) memcpy(s++, t, sizeof(sqr));
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:198:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s, t, sizeof(sqr));
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:251:105: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
headerextra(int l, int f, uchar *d) : len(l), flags(f), data(NULL) { if(d) { data = new uchar[len]; memcpy(data, d, len); } }
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:356:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(q.buf, buf.getbuf(), q.maxlen);
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:632:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ecu, ec.getbuf(), ec.length());
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:945:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&e, &tempents[i], sizeof(persistent_entity));
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:982:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texuse[256];
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1219:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(world, ::world, cubicsize * sizeof(sqr));
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1245:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&e, &ents[i], sizeof(persistent_entity));
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1264:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(::world, world, cubicsize * sizeof(sqr));
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1476:51: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(hexbin.length() == sizeof(header)) memcpy(&xmjigsaw->hdr, hexbin.getbuf(), sizeof(header));
data/assaultcube-1.2.0.2.1/source/src/worldlight.cpp:364:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
loopirev(s.ys) { memcpy(q, r, bs); q += s.xs; r += ssize; }
data/assaultcube-1.2.0.2.1/source/src/worldlight.cpp:427:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
loopirev(b.ys) { memcpy(r, q, bs); r += ssize; q += b.xs; }
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:150:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pname, src, namelen);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:240:10: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool open(ziparchive *a, zipfile *zf)
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:464:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(mf->buf, data, len);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:696:74: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
loopv(files) if(!strncasecmp(files[i], modrev, modrevlen)) res = atoi(files[i] + modrevlen);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:735:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(s->open(arch, &arch->files[n])) return s;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:776:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(s->open((*zf)->location, *zf)) return s;
data/assaultcube-1.2.0.2.1/source/enet/unix.c:134:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, addr, nameLength);
data/assaultcube-1.2.0.2.1/source/enet/unix.c:168:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, hostEntry -> h_name, nameLength);
data/assaultcube-1.2.0.2.1/source/enet/win32.c:82:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, addr, nameLength);
data/assaultcube-1.2.0.2.1/source/enet/win32.c:99:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (name, hostEntry -> h_name, nameLength);
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:45:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(const ALchar *c = devices; *c; c += strlen(c)+1)
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:851:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int mapsoundbasepath_n = strlen(mapsoundbasepath), mapsoundfinalpath_n = strlen(mapsoundfinalpath);
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:851:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const int mapsoundbasepath_n = strlen(mapsoundbasepath), mapsoundfinalpath_n = strlen(mapsoundfinalpath);
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:997:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pn = strlen("packages/audio/ambience/");
data/assaultcube-1.2.0.2.1/source/src/audiomanager.cpp:1004:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sn = strlen(s);
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:256:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(upath) > 100 || strcmp(upath, pck->name) || (checkprefix && strncmp(pck->name, checkprefix, strlen(checkprefix))) || (type == PCK_MOD && !validzipmodname(upath)))
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:256:107: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(upath) > 100 || strcmp(upath, pck->name) || (checkprefix && strncmp(pck->name, checkprefix, strlen(checkprefix))) || (type == PCK_MOD && !validzipmodname(upath)))
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:262:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(forceext && strlen(pck->name) > strlen(forceext) && !strcmp(pck->name + strlen(pck->name) - strlen(forceext), forceext)) forceext = NULL; // filename already has required extension
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:262:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(forceext && strlen(pck->name) > strlen(forceext) && !strcmp(pck->name + strlen(pck->name) - strlen(forceext), forceext)) forceext = NULL; // filename already has required extension
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:262:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(forceext && strlen(pck->name) > strlen(forceext) && !strcmp(pck->name + strlen(pck->name) - strlen(forceext), forceext)) forceext = NULL; // filename already has required extension
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:262:100: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(forceext && strlen(pck->name) > strlen(forceext) && !strcmp(pck->name + strlen(pck->name) - strlen(forceext), forceext)) forceext = NULL; // filename already has required extension
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:307:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int zlen = (int)strlen(zname), elen = (int)strlen(pck->exts[n]);
data/assaultcube-1.2.0.2.1/source/src/autodownload.cpp:307:68: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int zlen = (int)strlen(zname), elen = (int)strlen(pck->exts[n]);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:108:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&header, sizeof(header));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:130:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&WPs[i], sizeof(WPs[0]));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:148:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&num, sizeof(num));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:161:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&path_index, sizeof(path_index));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:186:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&from, sizeof(from)); // Read origin
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:187:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&flags, sizeof(flags)); // Read waypoint flags
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:188:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&triggernr, sizeof(triggernr)); // Read trigger nr
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:189:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&yaw, sizeof(yaw)); // Read target yaw
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:207:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&num, sizeof(num));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:208:36: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&from, sizeof(from));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:219:60: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
for(j=0;j<num;j++) bfp->read(&to, sizeof(to)); // Read rest of block
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:225:41: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bfp->read(&to, sizeof(to));
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:301:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(header.szMapName, m_szMapName, sizeof(header.szMapName)-1);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:494:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(header.szMapName, m_szMapName, 31);
data/assaultcube-1.2.0.2.1/source/src/bot/bot_waypoint.cpp:600:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szWPInfo) == 7)
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:115:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
short length = (short)strlen(szNameBuffer);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:138:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szNameBuffer) >= 16)
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:204:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
short length = (short)strlen(szNameBuffer);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:482:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(pSkillFile);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:486:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(pSkillFile);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:495:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(pSkillFile);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:499:22: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(pSkillFile);
data/assaultcube-1.2.0.2.1/source/src/bot/botmanager.cpp:506:18: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ch = fgetc(pSkillFile); // skip the linefeed
data/assaultcube-1.2.0.2.1/source/src/client.cpp:226:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!toteam && text[0] == '%' && strlen(text) > 1) text++; // convert team-text to normal-text if no team-mode is active
data/assaultcube-1.2.0.2.1/source/src/client.cpp:579:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sendstring(!lang || strlen(lang) != 2 ? "" : lang, p);
data/assaultcube-1.2.0.2.1/source/src/client.cpp:732:72: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strstr(map, "maps/")==map || strstr(map, "maps\\")==map) map += strlen("maps/");
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:98:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(MAXTRANS - strlen(result) > strlen(subst) + (s - l))
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:98:44: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(MAXTRANS - strlen(result) > strlen(subst) + (s - l))
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:104:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = s + strlen(s);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:108:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(MAXTRANS - strlen(result) > strlen(text) - (l - temp)) strcat(result, text + (l - temp));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:108:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(MAXTRANS - strlen(result) > strlen(text) - (l - temp)) strcat(result, text + (l - temp));
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1015:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(pl) loopi(NUMGUNS) concatformatstring(weapstring, "%s%d %d", strlen(weapstring) ? " " : "", pl->pstatshots[i], pl->pstatdamage[i]);
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1509:60: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!arg1 || !isdigit(arg1[0]) || !arg2 || strlen(arg2) <= 3 || !multiplayer(NULL))
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1702:179: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formatstring(m.cmd)("%s %d%s", menu==kickmenu ? "kick" : (menu==banmenu ? "ban" : (menu==forceteammenu ? "forceteam" : "giveadmin")), i, (menu==kickmenu||menu==banmenu)?(strlen(kbr)>8?kbr:" NONE"):""); // 8==3 + "format-extra-chars"
data/assaultcube-1.2.0.2.1/source/src/clientgame.cpp:1835:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t n = args ? strlen(args)+1 : 0;
data/assaultcube-1.2.0.2.1/source/src/clients2c.cpp:1513:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
data += strlen(text);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:289:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(sig) < 9);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:361:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(n) res.put(n, strlen(n)), delete[] n;
data/assaultcube-1.2.0.2.1/source/src/command.cpp:436:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loopj(n) len += wlen.add((int)strlen(w[j]));
data/assaultcube-1.2.0.2.1/source/src/command.cpp:441:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(r, w[i], wlen[i]); // make string-list out of all arguments
data/assaultcube-1.2.0.2.1/source/src/command.cpp:466:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i += strlen(t) + 1;
data/assaultcube-1.2.0.2.1/source/src/command.cpp:563:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
switch(strlen(id->sig)) // use very ad-hoc function signature, and just call it
data/assaultcube-1.2.0.2.1/source/src/command.cpp:714:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nickcompletesize = (int)strlen(cp);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:777:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dirlen = (int)strlen(dir);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:798:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dirlen = (int)strlen(dir);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:880:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
completesize = (int)strlen(cp);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1233:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(key);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1249:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(int(strlen(e)) == len && !strncmp(e, key, len)) return i;
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1264:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
COMMANDF(strlen, "s", (char *s) { intret(strlen(s)); });
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1264:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
COMMANDF(strlen, "s", (char *s) { intret(strlen(s)); });
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1269:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int start = *_start, len = *_len, textlen = (int)strlen(text);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1275:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(len >= 0 && len < int(strlen(text + start))) (text + start)[len] = '\0'; // cut text at len, if too long
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1287:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.put(replace, strlen(replace));
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1288:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text = o + strlen(search);
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1290:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.put(text, strlen(text));
data/assaultcube-1.2.0.2.1/source/src/command.cpp:1529:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t np = strlen(prefix);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:138:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x >= 0) draw_text(s, x, y, 0xFF, 0xFF, 0xFF, 0xFF, cmdline.pos>=0 ? cmdline.pos + strlen(useprompt) + 1 : (int)strlen(s), w);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:138:121: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (x >= 0) draw_text(s, x, y, 0xFF, 0xFF, 0xFF, 0xFF, cmdline.pos>=0 ? cmdline.pos + strlen(useprompt) + 1 : (int)strlen(s), w);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:286:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
names.put(km.name, strlen(km.name));
data/assaultcube-1.2.0.2.1/source/src/console.cpp:377:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cmdline.pos >= (int)strlen(cmdline.buf)) cmdline.pos = -1;
data/assaultcube-1.2.0.2.1/source/src/console.cpp:522:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cmdline.pos >= 0 && cmdline.pos >= (int)strlen(cmdline.buf)) cmdline.pos = -1;
data/assaultcube-1.2.0.2.1/source/src/console.cpp:630:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buflen = (int)strlen(buf), txtlen = (int)strlen(txt);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:630:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int buflen = (int)strlen(buf), txtlen = (int)strlen(txt);
data/assaultcube-1.2.0.2.1/source/src/console.cpp:633:21: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if(pos < 0) strncpy(buf + buflen, txt, txtlen);
data/assaultcube-1.2.0.2.1/source/src/console.h:62:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf)) pos = 0;
data/assaultcube-1.2.0.2.1/source/src/console.h:71:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(buf);
data/assaultcube-1.2.0.2.1/source/src/console.h:80:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = (int)strlen(buf), i = pos>=0 ? pos : len;
data/assaultcube-1.2.0.2.1/source/src/console.h:90:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(pos < 0) pos = (int)strlen(buf)-1;
data/assaultcube-1.2.0.2.1/source/src/console.h:94:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(pos>=0 && ++pos>=(int)strlen(buf)) pos = -1;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:292:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512(hash, (uchar*)msg, strlen(msg));
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:303:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tigerhash_add((uchar *)&hash, msg, (int)strlen(msg), s);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:320:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tiger::hash((uchar *)msg, (int)strlen(msg), hash);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:322:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sha512(shash, (uchar*)msg, strlen(msg));
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:492:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int memsize = (1<<20) * memusage, passlen = strlen(pass), tmpbuflen = 2 * SHA512SIZE, pplen = 2 * (saltlen + passlen);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:680:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int linelen = strlen(l), msglen = 0;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:803:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
preprivlen = numargs > 1 ? clamp(int(strlen(args[1])) / 2, preprivminlen, preprivmaxlen) : 32;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:976:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(*aname && strlen(privkey) == 64 && hex2bin(sk, privkey, 32) == 32)
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1108:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static const int certheaderlen = strlen(certheader), certheaderlenfull = certheaderlen + 128 + 1;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1157:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(strlen(line.val) == 64 && (signedby = (uchar*)line.val) && hex2bin(signedby, orgmsg + (line.val - workmsg), 32) == 32)) signedby = NULL;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1165:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!(strlen(line.val) == 64 && (pubkey = (uchar*)line.val) && hex2bin(pubkey, orgmsg + (line.val - workmsg), 32) == 32)) pubkey = NULL;
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1249:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int keylen = strlen(key), vallen = strlen(val), comlen = strlen(com);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1249:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int keylen = strlen(key), vallen = strlen(val), comlen = strlen(com);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1249:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int keylen = strlen(key), vallen = strlen(val), comlen = strlen(com);
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1309:102: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(numargs > 1 && ((getauthkey(args[1]) && memcpy(keypair, getauthkey(args[1]), 32)) || (strlen(args[1]) == 64 && hex2bin(keypair, args[1], 32) == 32)))
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1315:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f->write(msg, strlen(msg));
data/assaultcube-1.2.0.2.1/source/src/crypto.cpp:1510:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tiger::hash((uchar *)temp, (int)strlen(temp), hash);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:47:17: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static uint32_t equal(uint32_t a,uint32_t b) /* 16-bit inputs */
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:118:16: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
uint32_t m = equal(r->v[31],127);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:120:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
m &= equal(r->v[i],255);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:154:7: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
r = equal(t.v[0],0);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:156:10: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
r &= equal(t.v[i],0);
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:876:22: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static unsigned char equal(signed char b,signed char c)
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:899:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:899:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+1],equal(b,1) | equal(b,-1));
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:900:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:900:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+2],equal(b,2) | equal(b,-2));
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:901:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:901:68: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+3],equal(b,3) | equal(b,-3));
data/assaultcube-1.2.0.2.1/source/src/crypto_tools.h:902:55: [1] (buffer) equal:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
cmov_aff(t, &ge25519_base_multiples_affine[5*pos+4],equal(b,-4));
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:93:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DEBUGCODE(if(strlen(desc) > 111) clientlogf("docident: very long description for ident %s (%d)", name, (int)strlen(desc)));
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:93:113: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DEBUGCODE(if(strlen(desc) > 111) clientlogf("docident: very long description for ident %s (%d)", name, (int)strlen(desc)));
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:104:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
a.values = values && strlen(values) ? newstring(values) : NULL;
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:132:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
e.explanation = explanation && strlen(explanation) ? newstring(explanation) : NULL;
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:289:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t rlen = strlen(spchars[i].repl);
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:318:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f->printf("<?xml-stylesheet type=\"text/xsl\" href=\"%s\"?>\n", transformation && strlen(transformation) ? transformation : "transformations/cuberef2xhtml.xslt");
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:319:196: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f->printf("<cuberef xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" name=\"%s\" version=\"v0.1\" xsi:schemaLocation=\"%s\" xmlns=\"http://cubers.net/Schemas/CubeRef\">\n", ref && strlen(ref) ? ref : "Unnamed Reference", schemalocation && strlen(schemalocation) ? schemalocation : "http://cubers.net/Schemas/CubeRef schemas/cuberef.xsd");
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:319:255: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f->printf("<cuberef xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\" name=\"%s\" version=\"v0.1\" xsi:schemaLocation=\"%s\" xmlns=\"http://cubers.net/Schemas/CubeRef\">\n", ref && strlen(ref) ? ref : "Unnamed Reference", schemalocation && strlen(schemalocation) ? schemalocation : "http://cubers.net/Schemas/CubeRef schemas/cuberef.xsd");
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:337:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loopi(strlen(id->sig))
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:459:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *pos = exp + (cmdpos < 0 ? strlen(exp) : cmdpos), *w[MAXWORDS];
data/assaultcube-1.2.0.2.1/source/src/docs.cpp:564:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loopi(strlen(csident->sig)) switch(csident->sig[i])
data/assaultcube-1.2.0.2.1/source/src/http.cpp:221:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t headendlen = strlen(lfcrlf);
data/assaultcube-1.2.0.2.1/source/src/http.cpp:391:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *p, *s = buf = newstring(newurl, strlen(newurl) + 3);
data/assaultcube-1.2.0.2.1/source/src/http.cpp:418:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(s + 2, s, strlen(s) + 1);
data/assaultcube-1.2.0.2.1/source/src/http.cpp:434:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t pl = strlen(path);
data/assaultcube-1.2.0.2.1/source/src/jpegenc.h:528:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = (WORD) strlen((const char *)comment);
data/assaultcube-1.2.0.2.1/source/src/log.cpp:101:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf.dataLength = strlen(text);
data/assaultcube-1.2.0.2.1/source/src/main.cpp:275:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
writepngchunk(f, "tEXt", scores - 8, strlen(scores) + 8);
data/assaultcube-1.2.0.2.1/source/src/main.cpp:988:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(*prefix && strncmp((*files)[i], prefix, strlen(prefix))) continue;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1004:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(filename) > 4 && !strcmp(filename + strlen(filename) - 4, ".cfg"))
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1004:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(filename) > 4 && !strcmp(filename + strlen(filename) - 4, ".cfg"))
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1061:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *buf = new char[strlen(src) + 1], *dst = buf;
data/assaultcube-1.2.0.2.1/source/src/main.cpp:1344:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(s, sizeof(string));
data/assaultcube-1.2.0.2.1/source/src/master.cpp:211:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!len) len = strlen(msg);
data/assaultcube-1.2.0.2.1/source/src/master.cpp:278:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->buf.put(cmd, strlen(cmd));
data/assaultcube-1.2.0.2.1/source/src/master.cpp:289:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->buf.put(header, strlen(header));
data/assaultcube-1.2.0.2.1/source/src/master.cpp:291:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cmdlen = strlen(cmd);
data/assaultcube-1.2.0.2.1/source/src/master.cpp:582:17: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
else if(sscanf(c.input, "reqauth %u %100s", &id, user) == 2)
data/assaultcube-1.2.0.2.1/source/src/master.cpp:586:17: [1] (buffer) sscanf:
It's unclear if the %s limit in the format string is small enough
(CWE-120). Check that the limit is sufficiently small, or use a different
input function.
else if(sscanf(c.input, "confauth %u %100s", &id, val) == 2)
data/assaultcube-1.2.0.2.1/source/src/md2.h:88:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file->read(&header, sizeof(md2_header));
data/assaultcube-1.2.0.2.1/source/src/md2.h:105:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int numglcommands = (int)file->read(glcommands, sizeof(int)*header.numglcommands)/sizeof(int);
data/assaultcube-1.2.0.2.1/source/src/md2.h:131:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file->read(&frame, sizeof(md2_frame));
data/assaultcube-1.2.0.2.1/source/src/md2.h:134:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
file->read(tmpverts, sizeof(md2_vertex)*header.numvertices);
data/assaultcube-1.2.0.2.1/source/src/md3.h:59:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&header, sizeof(md3header));
data/assaultcube-1.2.0.2.1/source/src/md3.h:80:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&tag, sizeof(md3tag));
data/assaultcube-1.2.0.2.1/source/src/md3.h:98:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&mheader, sizeof(md3meshheader));
data/assaultcube-1.2.0.2.1/source/src/md3.h:117:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&tri, sizeof(md3triangle)); // read the triangles
data/assaultcube-1.2.0.2.1/source/src/md3.h:125:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(m.tcverts, 2*sizeof(float)*m.numverts); // read the UV data
data/assaultcube-1.2.0.2.1/source/src/md3.h:133:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&v, sizeof(md3vertex)); // read the vertices
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:411:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int cibl = (int)strlen(input.buf); // current input-buffer length
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1229:58: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool isplayermodel = !strncmp(m.mdl, "playermodels", strlen("playermodels"));
data/assaultcube-1.2.0.2.1/source/src/menus.cpp:1230:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool isweapon = !strncmp(m.mdl, "weapons", strlen("weapons"));
data/assaultcube-1.2.0.2.1/source/src/oggstream.cpp:12:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return s ? s->read(ptr, int(size*nmemb))/size : 0;
data/assaultcube-1.2.0.2.1/source/src/openal.cpp:275:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(filepath);
data/assaultcube-1.2.0.2.1/source/src/protocol.cpp:361:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s) == 2)
data/assaultcube-1.2.0.2.1/source/src/protocol.cpp:371:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(int n = (int)strlen(s) - 1; n >= 0 && isspace(s[n]); n--)
data/assaultcube-1.2.0.2.1/source/src/protos.h:1121:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual void read() {}
data/assaultcube-1.2.0.2.1/source/src/protos.h:1260:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = p; p += strlen(p) + 1;
data/assaultcube-1.2.0.2.1/source/src/rendergl.cpp:35:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(ext);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:110:75: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *mmshortname(const char *name) { return !strncmp(name, mmpath, strlen(mmpath)) ? name + strlen(mmpath) : name; }
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:110:100: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *mmshortname(const char *name) { return !strncmp(name, mmpath, strlen(mmpath)) ? name + strlen(mmpath) : name; }
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:318:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strchr(name, ' ') && !strncmp(name, mmpath, strlen(mmpath))) name += strlen(mmpath); // for now: ignore mapmodels with spaces in the path (next release: ban them)
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:318:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strchr(name, ' ') && !strncmp(name, mmpath, strlen(mmpath))) name += strlen(mmpath); // for now: ignore mapmodels with spaces in the path (next release: ban them)
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:394:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(trydl && !strncmp(name, mmpath, strlen(mmpath))) requirepackage(PCK_MAPMODEL, name);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:899:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(path+strlen(path)-3, "png");
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:905:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(path+strlen(path)-3, "png");
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:1032:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int suflen = (int)strlen(suf), namelen = (int)strlen(name);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:1032:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int suflen = (int)strlen(suf), namelen = (int)strlen(name);
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:1037:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int sl = (int)strlen(s) - suflen;
data/assaultcube-1.2.0.2.1/source/src/rendermodel.cpp:1108:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *mn = files[i] + strlen("packages/models/");
data/assaultcube-1.2.0.2.1/source/src/scoreboard.cpp:365:61: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bool fldrprefix = !strncmp(getclientmap(), "maps/", strlen("maps/"));
data/assaultcube-1.2.0.2.1/source/src/scoreboard.cpp:366:117: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formatstring(modeline)("\"%s\" on map %s", modestr(gamemode, modeacronyms > 0), fldrprefix ? getclientmap()+strlen("maps/") : getclientmap());
data/assaultcube-1.2.0.2.1/source/src/scoreboard.cpp:442:80: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static void addstr(char *&dest, const char *end, const char *src) { size_t l = strlen(src); if(dest + l < end) copystring(dest, src, l + 1), dest += l; }
data/assaultcube-1.2.0.2.1/source/src/server.cpp:587:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int mc = strlen(DEMOFORMAT);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:693:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
demotmp->read(d.data, len);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:744:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(desc) > DHDR_DESCCHARS)
data/assaultcube-1.2.0.2.1/source/src/server.cpp:754:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(hdr.plist) + strlen(ci->name) < DHDR_PLISTCHARS - 2) { strcat(hdr.plist, bl); strcat(hdr.plist, ci->name); }
data/assaultcube-1.2.0.2.1/source/src/server.cpp:754:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(hdr.plist) + strlen(ci->name) < DHDR_PLISTCHARS - 2) { strcat(hdr.plist, bl); strcat(hdr.plist, ci->name); }
data/assaultcube-1.2.0.2.1/source/src/server.cpp:857:27: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if(demoplayback->read(&hdr, sizeof(demoheader))!=sizeof(demoheader) || memcmp(hdr.magic, DEMO_MAGIC, sizeof(hdr.magic)))
data/assaultcube-1.2.0.2.1/source/src/server.cpp:880:22: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(demoplayback->read(&nextplayback, sizeof(nextplayback))!=sizeof(nextplayback))
data/assaultcube-1.2.0.2.1/source/src/server.cpp:894:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(demoplayback->read(&chan, sizeof(chan))!=sizeof(chan) ||
data/assaultcube-1.2.0.2.1/source/src/server.cpp:895:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
demoplayback->read(&len, sizeof(len))!=sizeof(len))
data/assaultcube-1.2.0.2.1/source/src/server.cpp:903:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!packet || demoplayback->read(packet->data, len)!=len)
data/assaultcube-1.2.0.2.1/source/src/server.cpp:911:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(demoplayback->read(&nextplayback, sizeof(nextplayback))!=sizeof(nextplayback))
data/assaultcube-1.2.0.2.1/source/src/server.cpp:1383:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cl->saychars += (int)strlen(text);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3572:29: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vi->text,text,MAXTRANS-1);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3589:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vi->text,text,128);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3600:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vi->text,text,128);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3638:25: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(vi->text,text,MAXTRANS-1);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3812:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
maprot.read();
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3813:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ipblacklist.read();
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3814:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nickblacklist.read();
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3815:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
forbiddenlist.read();
data/assaultcube-1.2.0.2.1/source/src/server.cpp:3816:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
passwords.read();
data/assaultcube-1.2.0.2.1/source/src/server.cpp:4137:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(const char *c = buf; *c && po.remaining() > MAXINFOLINELEN + 10; c += strlen(c) + 1) sendstring(c, po);
data/assaultcube-1.2.0.2.1/source/src/server.cpp:4310:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen(scl.servdesc_full) ) global_name = scl.servdesc_full;
data/assaultcube-1.2.0.2.1/source/src/serveractions.h:112:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t sl = strlen(s);
data/assaultcube-1.2.0.2.1/source/src/serveractions.h:129:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(sl == strlen(m) && !strncmp(m, scl.adminonlymaps[i], sl)) role = CR_ADMIN;
data/assaultcube-1.2.0.2.1/source/src/serveractions.h:206:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(isvalid() && strlen(reason) > 3 && valid_client(cn))
data/assaultcube-1.2.0.2.1/source/src/serveractions.h:227:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(isvalid() && strlen(reason) > 3)
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:372:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(lang) != 2) silang = "en";
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:523:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(text) != 2)
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:815:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return !strncmp(text, key, strlen(key));
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:857:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nkeys = newstring(strlen(ckeys));
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:868:24: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(*nkeys) strcat(nkeys, " ");
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:1099:46: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text[max(int(MAXSTRLEN - strlen(si.cmd) - 10), 0)] = '\0';
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:1195:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newkey = newstring(key, strlen(text) + 1 + strlen(key));
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:1195:70: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *newkey = newstring(key, strlen(text) + 1 + strlen(key));
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:1196:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(newkey, " ");
data/assaultcube-1.2.0.2.1/source/src/serverbrowser.cpp:1361:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int reqlen = strlen(req);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:101:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
else if(f->read(h, sizeof_baseheader) != sizeof_baseheader || (strncmp(h->head, "CUBE", 4) && strncmp(h->head, "ACMP",4))) err = "bad map file";
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:115:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&h->waterlevel, restofhead) != restofhead) err = "incompatible map file";
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:123:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(staticbuffer, restofhead) != restofhead) err = "map file truncated";
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:162:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&e, oldentityformat ? 12 : sizeof(persistent_entity));
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:216:31: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int type = f->getchar(), n;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:225:32: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
n = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:232:28: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:232:42: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:237:28: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:238:41: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ss->vdelta = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:239:47: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(version <= 2) { f->getchar(); f->getchar(); }
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:239:61: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(version <= 2) { f->getchar(); f->getchar(); }
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:252:44: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ss->floor = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:253:43: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ss->ceil = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:255:32: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:255:46: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:255:60: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:256:51: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(version <= 2) { f->getchar(); f->getchar(); }
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:256:65: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(version <= 2) { f->getchar(); f->getchar(); }
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:257:45: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ss->vdelta = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:258:49: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(version >= 2) f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:259:74: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(version >= 5) ss->type |= TAGANYCLIP & f->getchar();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:696:5: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read();
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:815:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read()
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:828:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = p; p += strlen(p) + 1; line++;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:912:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read()
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:924:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = p; p += strlen(p) + 1; line++;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:932:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(int i = (int)strlen(l) - 1; i > 0 && l[i] == ' '; i--) l[i] = '\0';
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:994:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read()
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1008:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = p; p += strlen(p) + 1;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1018:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s) + 1;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1029:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = r ? r : s + strlen(iprc.pwd);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1165:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!d || (len = strlen(d)) < 1) return false;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1166:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *dp = d, *s_end = s + strlen(s);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1200:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1207:13: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(entries[num][0],c1,FORBIDDENSIZE);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1208:26: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
if ( n > 1 ) strncpy(entries[num][1],c2,FORBIDDENSIZE);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1214:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read()
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1224:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = p; p += strlen(p) + 1;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1274:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void read()
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1287:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = p; p += strlen(p) + 1;
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1372:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(n = (int)strlen(s) - 1; n >= 0 && s[n] == ' '; n--) s[n] = '\0'; // strip trailing blanks
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1374:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
n = (int)strlen(t);
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1408:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while(*c) { c += strlen(c); if(c[1]) *c++ = '\n'; }
data/assaultcube-1.2.0.2.1/source/src/serverfiles.h:1409:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(s->info) > MAXSTRLEN) s->info[MAXSTRLEN] = '\0'; // keep MOTD at sane lengths
data/assaultcube-1.2.0.2.1/source/src/serverms.cpp:80:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
masterout.put(req, strlen(req));
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:27:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(tmp);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:53:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(d) memmove(t, t + d, strlen(t + d) + 1); // remove multiple path delimiters
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:63:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(prevdir, curdir + 1, strlen(curdir));
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:69:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(prevdir, curdir + 4, strlen(curdir + 3));
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:97:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const char *p = directory + strlen(directory);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:126:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(path);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:142:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dir);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:183:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(dir, substitute, strlen(substitute)))
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:189:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
formatstring(tmpdir)("%s%s", mydocuments, dir+strlen(substitute));
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:304:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dl = (int)strlen(pathname);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:343:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int extsize = ext ? (int)strlen(ext)+1 : 0;
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:352:66: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
files.add(newstring(FindFileData.cFileName, (int)strlen(FindFileData.cFileName) - extsize));
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:373:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dl = (int)strlen(pathname);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:383:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namelength = (int)strlen(de->d_name) - extsize;
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:489:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return f->read(buf, size*nmemb)/size;
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:528:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(&str[i], 1) != 1) { str[i] = '\0'; return i > 0; }
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:586:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void *buf, int len) { return (int)fread(buf, 1, len, file); }
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:588:9: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int getchar() { return fgetc(file); }
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:588:28: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int getchar() { return fgetc(file); }
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:659:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = file->read(zfile.next_in + zfile.avail_in, size);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:803:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(read(skip, sizeof(skip)) == sizeof(skip));
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:830:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(skip, skipped) != skipped) { stopreading(); return false; }
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:837:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void *buf, int len)
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:917:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void *buf, int len)
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:947:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(temp);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:996:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void *buf, int len)
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:1080:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int rlen = f->read(buf, len);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:1095:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while(got < maxlen && (len = source->read(copybuf, 1024))) got += dest->write(copybuf, len);
data/assaultcube-1.2.0.2.1/source/src/stream.cpp:1104:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int mid = strlen(fname1);
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:563:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(legacyprefix);
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:878:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loopv(filter) filter_n.add((int) strlen(filter[i]));
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:879:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loopv(exclude) exclude_n.add((int) strlen(exclude[i]));
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:880:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loopv(exts) exts_n.add((int) strlen(exts[i]));
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:884:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int pn = strlen("packages/textures/");
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:893:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(s);
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:906:54: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(cutprefix) cvecprintf(res, " \"%s\"", int(strlen(p)) > filter_n[0] ? p + filter_n[0] : ""); // if there's exactly one filter string, add column with that string omitted
data/assaultcube-1.2.0.2.1/source/src/texture.cpp:909:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int n = strlen(b);
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:348:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(&s.hdr, sizeof_baseheader) != sizeof_baseheader || (strncmp(s.hdr.head, "CUBE", 4) && strncmp(s.hdr.head, "ACMP",4))) { delete f; return NULL; }
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:353:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&s.hdr.waterlevel, restofhead) != restofhead ||
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:366:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&e, s.hdr.version < 10 ? 12 : sizeof(persistent_entity));
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:392:27: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int type = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:398:38: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!t || (n = f->getchar()) < 0) { fail = true; break; }
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:406:24: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:406:38: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:410:32: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
floor = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:411:31: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
ceil = f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:417:24: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:417:38: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:418:45: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(s.hdr.version>=2) f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:419:45: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(s.hdr.version>=5) f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:423:24: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:423:38: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->getchar(); f->getchar();
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:424:47: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(s.hdr.version<=2) { f->getchar(); f->getchar(); }
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:424:61: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(s.hdr.version<=2) { f->getchar(); f->getchar(); }
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:699:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(temp);
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:710:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(int i = (int)strlen(text) - 1; i >= sc; i--) text[i] = '*';
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:1034:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rev, *revp, plen = prefix ? (int)strlen(prefix) : 0, slen = suffix ? (int)strlen(suffix) : 0;
data/assaultcube-1.2.0.2.1/source/src/tools.cpp:1034:83: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int rev, *revp, plen = prefix ? (int)strlen(prefix) : 0, slen = suffix ? (int)strlen(suffix) : 0;
data/assaultcube-1.2.0.2.1/source/src/tools.h:120:75: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
inline char *copystring(char *d, const char *s, size_t len = MAXSTRLEN) { strncpy(d, s, len); d[len-1] = 0; return d; }
data/assaultcube-1.2.0.2.1/source/src/tools.h:121:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inline char *concatstring(char *d, const char *s, size_t len = MAXSTRLEN) { size_t used = strlen(d); return used < len ? copystring(d+used, s, len-used) : d; }
data/assaultcube-1.2.0.2.1/source/src/tools.h:144:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(s);
data/assaultcube-1.2.0.2.1/source/src/tools.h:225:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read<numvals) flags |= OVERREAD;
data/assaultcube-1.2.0.2.1/source/src/tools.h:226:33: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
memcpy(vals, &buf[len], read*sizeof(T));
data/assaultcube-1.2.0.2.1/source/src/tools.h:227:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len += read;
data/assaultcube-1.2.0.2.1/source/src/tools.h:228:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return read;
data/assaultcube-1.2.0.2.1/source/src/tools.h:827:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inline char *newstring(const char *s) { return newstring(s, strlen(s)); }
data/assaultcube-1.2.0.2.1/source/src/tools.h:885:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#ifdef getchar
data/assaultcube-1.2.0.2.1/source/src/tools.h:886:8: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#undef getchar
data/assaultcube-1.2.0.2.1/source/src/tools.h:901:17: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int read(void *buf, int len) { return 0; }
data/assaultcube-1.2.0.2.1/source/src/tools.h:903:17: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int getchar() { uchar c; return read(&c, 1) == 1 ? c : -1; }
data/assaultcube-1.2.0.2.1/source/src/tools.h:903:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
virtual int getchar() { uchar c; return read(&c, 1) == 1 ? c : -1; }
data/assaultcube-1.2.0.2.1/source/src/tools.h:906:62: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
virtual bool putstring(const char *str) { int len = (int)strlen(str); return write(str, len) == len; }
data/assaultcube-1.2.0.2.1/source/src/tools.h:915:45: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
template<class T> T get() { T n; return read(&n, sizeof(n)) == sizeof(n) ? n : 0; }
data/assaultcube-1.2.0.2.1/source/src/vertmodel.h:1108:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(&hdr, sizeof(shadowheader))!=sizeof(shadowheader)) { delete f; return false; }
data/assaultcube-1.2.0.2.1/source/src/vertmodel.h:1116:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(buf, hdr.size*hdr.size*hdr.frames)!=hdr.size*hdr.size*hdr.frames) { delete f; delete[] buf; return false; }
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:19:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argstr.put(name, strlen(name));
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:27:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argstr.put(val, strlen(val));
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:139:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path.advance(strlen(cwd.buf));
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:141:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path.put(relpath, strlen(relpath));
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:143:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
path.put(wsname, strlen(wsname));
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:181:5: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
fgetc(stdin);
data/assaultcube-1.2.0.2.1/source/src/wizard.cpp:183:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
argstr.insert(0, relpath, strlen(relpath));
data/assaultcube-1.2.0.2.1/source/src/world.cpp:749:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(hdr.head, "ACMP", 4);
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:637:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(hdr.head, "ACMP", 4); // ensure map now declares itself as an AssaultCube map, even if imported as CUBE
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:747:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120). Risk is low because the source is a
constant string.
strncpy(hdr.head, "ACMP", 4); // ensure map now declares itself as an AssaultCube map, even if imported as CUBE
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:852:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(&tmp, sizeof_baseheader) != sizeof_baseheader ||
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:859:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(&tmp.waterlevel, restofhead) != restofhead) { conoutf("\f3while reading map: header malformatted (2)"); delete f; return -6; }
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:870:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(extrabuf, extrasize) != extrasize) { conoutf("\f3while reading map: header malformatted (3)"); delete f; delete[] extrabuf; return -7; }
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:907:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
f->read(&e, oldentityformat ? 12 : sizeof(persistent_entity));
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:960:20: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
q.len = f->read(q.buf, cubicsize);
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1102:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(&hdr, sizeof(demoheader))!=sizeof(demoheader) || memcmp(hdr.magic, DEMO_MAGIC, sizeof(hdr.magic))) { delete f; return NULL; }
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1118:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int textlen = strlen(text);
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1130:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(&hdr, sizeof(header))!=sizeof(header) || (strncmp(hdr.head, "CUBE", 4) && strncmp(hdr.head, "ACMP",4))) { delete f; return NULL; }
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1569:57: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
loopv(xmaps) if(!strncmp(xmaps[i]->nick, bakprefix, strlen(bakprefix)))
data/assaultcube-1.2.0.2.1/source/src/worldio.cpp:1573:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
copystring(bak->nick, bak->nick + strlen(bakprefix));
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:87:87: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(next + carry < ZIP_DIRECTORY_SIZE || !f->seek(offset, SEEK_SET) || (int)f->read(buf, next) != next) return false;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:117:46: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(!f->seek(offset, SEEK_SET) || (int)f->read(buf, size) != size) { delete[] buf; return false; }
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:175:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(f->read(buf, ZIP_LOCAL_FILE_SIZE) != ZIP_LOCAL_FILE_SIZE)
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:235:56: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = arch->owner == this ? (int)arch->data->read(zfile.next_in + zfile.avail_in, min(size, remaining)) : 0;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:345:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(read(skip, skipped) != skipped) return false;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:353:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int read(void *buf, int len)
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:365:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = (int)arch->data->read(buf, min(len, int(info->size + info->offset - reading)));
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:408:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int striplen = stripdir ? (int)strlen(stripdir) : 0;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:496:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(name) > 40 || strchr(name, '.') || strcmp(pname, name) || *name == '/') return NULL; // illegal filename
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:536:24: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if(arch->data->read(buf, zipsize) != zipsize)
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:614:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strncmp(f, "mods/", 5) && !strncmp(f + strlen(f) - 4, ".zip", 4))
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:617:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
f[strlen(f) - 4] = '\0';
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:691:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int res = 0, modrevlen = (int)strlen(modrev);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:784:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int extsize = ext ? (int)strlen(ext)+1 : 0, dirsize = (int)strlen(dir);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:784:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int extsize = ext ? (int)strlen(ext)+1 : 0, dirsize = (int)strlen(dir);
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:794:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int namelength = (int)strlen(name) - extsize;
data/assaultcube-1.2.0.2.1/source/src/zip.cpp:803:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dirsize = (int)strlen(dir);
ANALYSIS SUMMARY:
Hits = 826
Lines analyzed = 70934 in approximately 1.88 seconds (37631 lines/second)
Physical Source Lines of Code (SLOC) = 60128
Hits@level = [0] 203 [1] 374 [2] 323 [3] 0 [4] 129 [5] 0
Hits@level+ = [0+] 1029 [1+] 826 [2+] 452 [3+] 129 [4+] 129 [5+] 0
Hits/KSLOC@level+ = [0+] 17.1135 [1+] 13.7374 [2+] 7.5173 [3+] 2.14542 [4+] 2.14542 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.