Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bygfoot-2.3.2/src/job.c Examining data/bygfoot-2.3.2/src/option.c Examining data/bygfoot-2.3.2/src/treeview_helper.h Examining data/bygfoot-2.3.2/src/file.c Examining data/bygfoot-2.3.2/src/options_callbacks.c Examining data/bygfoot-2.3.2/src/misc_callbacks.h Examining data/bygfoot-2.3.2/src/callbacks.c Examining data/bygfoot-2.3.2/src/xml_strategy.c Examining data/bygfoot-2.3.2/src/options_callbacks.h Examining data/bygfoot-2.3.2/src/live_game_struct.h Examining data/bygfoot-2.3.2/src/treeview2.h Examining data/bygfoot-2.3.2/src/training.c Examining data/bygfoot-2.3.2/src/game_gui.h Examining data/bygfoot-2.3.2/src/xml_loadsave_league.h Examining data/bygfoot-2.3.2/src/league_table_interface.c Examining data/bygfoot-2.3.2/src/support.c Examining data/bygfoot-2.3.2/src/misc3_callbacks.h Examining data/bygfoot-2.3.2/src/league.c Examining data/bygfoot-2.3.2/src/options_interface.c Examining data/bygfoot-2.3.2/src/training.h Examining data/bygfoot-2.3.2/src/bygfoot.h FINAL RESULTS: data/bygfoot-2.3.2/src/callback_func.c:395:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("You can take out at most %s."), buf2); data/bygfoot-2.3.2/src/callback_func.c:425:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("You can pay back at most %s"), buf2); data/bygfoot-2.3.2/src/callback_func.c:468:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("%s would like to buy %s. They offer %s for him, which is %s than the player's value. Do you accept?"), transoff(idx, 0).tm->name, data/bygfoot-2.3.2/src/callback_func.c:512:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("You offered a transfer fee of %s and a wage of %s for %s. 
The owners and the player are satisfied with your offer. Do you still want to buy the player?"), data/bygfoot-2.3.2/src/callback_func.c:571:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("You are making an offer for %s. Your scout's recommendations for fee and wage are preset."), data/bygfoot-2.3.2/src/callback_func.c:579:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("You are making an offer for %s again. Your previous values for fee and wage are preset."), data/bygfoot-2.3.2/src/callback_func.c:629:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("You are negotiating with %s about a new contract. Pay attention to what you're doing; if you don't come to terms with him within %d offers, he's going to leave your team after his current contract expires (unless you sell him). You may only abort BEFORE making the first offer.\nYour scout's recommendations are preset:"), data/bygfoot-2.3.2/src/callback_func.c:771:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("You want to fire %s. Since his contract expires in %.1f years, he demands a compensation of %s. Do you accept?"), pl->name, pl->contract, buf2); data/bygfoot-2.3.2/src/cup.c:1230:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "string_cup_%s", data/bygfoot-2.3.2/src/debug.c:64:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(text, "%s %s\n", logtime_string, buf); data/bygfoot-2.3.2/src/debug.c:70:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%s%s%s%sbygfoot.log", home, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/debug.c:75:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%sbygfoot.log", pwd, G_DIR_SEPARATOR_S); data/bygfoot-2.3.2/src/file.c:163:8: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. if(system(command->str) != 0) data/bygfoot-2.3.2/src/file.c:234:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s", home, G_DIR_SEPARATOR_S, dirs[i]); data/bygfoot-2.3.2/src/file.c:259:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s%s%s", home, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:285:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s%s%s", home, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:295:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s%s%s%s%s", home, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:303:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:310:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s", dirname, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:316:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf2, "%s%s%s", basename, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:384:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("Copying %s"), filename); data/bygfoot-2.3.2/src/file.c:506:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s", g_strdup(country_structure), data/bygfoot-2.3.2/src/file.c:642:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(opt_name, new.name); data/bygfoot-2.3.2/src/file.c:673:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(hints_file, "bygfoot_hints_%s", buf); data/bygfoot-2.3.2/src/file.c:720:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "bygfoot_%s.conf", user->name); data/bygfoot-2.3.2/src/file.c:931:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dir, "%s%s%s", home, G_DIR_SEPARATOR_S, HOMEDIRNAME); data/bygfoot-2.3.2/src/file.c:933:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(dir, "%s%s", pwd, G_DIR_SEPARATOR_S); data/bygfoot-2.3.2/src/file.c:952:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s%ssaves%s%s", home, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:958:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%ssaves%s%s", pwd, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:988:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s%ssaves%s%s", home, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/file.c:994:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%ssaves%s%s", pwd, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/fixture.c:1078:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s (%d - %d)", local_buf, data/bygfoot-2.3.2/src/fixture.c:1082:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, local_buf); data/bygfoot-2.3.2/src/game.c:1047:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %d%s", data/bygfoot-2.3.2/src/game.c:1057:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %d%s", player_name, data/bygfoot-2.3.2/src/game.c:1066:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", player_of_id_team(tm[team], player)->name); data/bygfoot-2.3.2/src/game.c:1071:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", player_of_id_team(tm[team], player2)->name); data/bygfoot-2.3.2/src/game.c:1076:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", player_of_id_team(tm[team], player)->name); data/bygfoot-2.3.2/src/game_gui.c:806:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("The team owners have fired you because of financial mismanagement. 
Luckily, the owners of %s have heard of your dismissal and offer you a job. Here's some information on %s:"), data/bygfoot-2.3.2/src/game_gui.c:809:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("The team owners have fired you because of unsuccessfulness. Luckily, the owners of %s have heard of your dismissal and offer you a job. Here's some information on %s:"), data/bygfoot-2.3.2/src/game_gui.c:812:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, _("The owners of %s are deeply impressed by your success with %s and would like to hire you. Here's some information on %s:"), data/bygfoot-2.3.2/src/game_gui.c:817:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf2, (type != STATUS_JOB_EXCHANGE_SHOW_TEAM) ? data/bygfoot-2.3.2/src/game_gui.h:59:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 1, 2))); data/bygfoot-2.3.2/src/game_gui.h:68:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 1, 2))); data/bygfoot-2.3.2/src/game_gui.h:80:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((format (printf, 1, 2))); data/bygfoot-2.3.2/src/gui.c:56:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s", buf); data/bygfoot-2.3.2/src/gui.c:58:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s%s", current_text, buf); data/bygfoot-2.3.2/src/language.c:57:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, (gchar*)g_ptr_array_index(codes, index - 1)); data/bygfoot-2.3.2/src/language.c:66:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s%slocale", dir, G_DIR_SEPARATOR_S); data/bygfoot-2.3.2/src/language.c:69:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf2, dir); data/bygfoot-2.3.2/src/language.c:117:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(local_code, code); data/bygfoot-2.3.2/src/language.c:259:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, opt_str("string_opt_language_code")); data/bygfoot-2.3.2/src/lg_commentary.c:649:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(commentary_file, "lg_commentary_%s.xml", buf); data/bygfoot-2.3.2/src/load_save.c:82:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___options", prefix); data/bygfoot-2.3.2/src/load_save.c:84:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%s___settings", prefix); data/bygfoot-2.3.2/src/load_save.c:163:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___", prefix); data/bygfoot-2.3.2/src/load_save.c:378:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s%ssaves%s%s_%02d.zip", home, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/load_save.c:384:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%ssaves%s%s_%02d.zip", pwd, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/load_save.c:417:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "autosave_%s_%s_%s_S%02d_W%02d", data/bygfoot-2.3.2/src/main.c:355:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s", g_get_home_dir(), G_DIR_SEPARATOR_S, HOMEDIRNAME); data/bygfoot-2.3.2/src/main.c:361:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%ssupport_files", dir, G_DIR_SEPARATOR_S); data/bygfoot-2.3.2/src/main.c:364:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%ssaves", dir, G_DIR_SEPARATOR_S); data/bygfoot-2.3.2/src/main.h:40:35: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. __attribute__ ((noreturn, format (printf, 2, 3))); data/bygfoot-2.3.2/src/misc.c:209:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(buf, buf2); data/bygfoot-2.3.2/src/misc.c:216:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf, buf2); data/bygfoot-2.3.2/src/misc.c:224:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf2, buf); data/bygfoot-2.3.2/src/misc.c:225:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s", buf2); data/bygfoot-2.3.2/src/misc.c:541:4: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(string, array[count]); data/bygfoot-2.3.2/src/misc.c:562:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf2, occurrence + strlen(token)); data/bygfoot-2.3.2/src/misc.c:563:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(string, "%s%s%s", buf, replacement, buf2); data/bygfoot-2.3.2/src/misc.c:585:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, string); data/bygfoot-2.3.2/src/misc.c:593:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). 
strcat(string, buf2); data/bygfoot-2.3.2/src/misc.c:623:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(string, buf2); data/bygfoot-2.3.2/src/misc.c:632:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(string, buf2); data/bygfoot-2.3.2/src/misc.c:662:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "(%s)", paren); data/bygfoot-2.3.2/src/misc.c:687:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, condition); data/bygfoot-2.3.2/src/misc.c:701:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf2, buf); data/bygfoot-2.3.2/src/misc.c:763:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(dest, text_tokens); data/bygfoot-2.3.2/src/misc.c:767:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, dest); data/bygfoot-2.3.2/src/misc2_callbacks.c:412:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, _("Remove user %s from the game?"), usr(idx).name); data/bygfoot-2.3.2/src/name.c:94:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s %s", name_get_random_first_name(namelist), data/bygfoot-2.3.2/src/news.c:77:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(title_small, "%s %s %s", data/bygfoot-2.3.2/src/news.c:420:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "string_token_streak_%swon%d", buf2, i); data/bygfoot-2.3.2/src/news.c:424:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "string_token_streak_%slost%d", buf2, i); data/bygfoot-2.3.2/src/news.c:428:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "string_token_streak_%sunbeaten%d", buf2, i); data/bygfoot-2.3.2/src/news.c:494:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(high_scorer, scorer); data/bygfoot-2.3.2/src/news.c:500:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(scorer_str, "%s (%d)", scorer, scorer_goals); data/bygfoot-2.3.2/src/news.c:502:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(scorer_str, "%s", scorer); data/bygfoot-2.3.2/src/news.c:507:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(scorer_str, _("%s and %s (%d)"), buf, scorer, scorer_goals); data/bygfoot-2.3.2/src/news.c:509:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(scorer_str, _("%s and %s"), buf, scorer); data/bygfoot-2.3.2/src/news.c:514:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(scorer_str, "%s, %s (%d)", buf, scorer, scorer_goals); data/bygfoot-2.3.2/src/news.c:516:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(scorer_str, "%s, %s", buf, scorer); data/bygfoot-2.3.2/src/news.c:519:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, scorer_str); data/bygfoot-2.3.2/src/news.c:843:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(news_file, "news_%s.xml", buf); data/bygfoot-2.3.2/src/options_callbacks.c:59:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%sbygfoot.conf", conf_dir, G_DIR_SEPARATOR_S); data/bygfoot-2.3.2/src/options_callbacks.c:66:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%sbygfoot_user.conf", conf_dir, G_DIR_SEPARATOR_S); data/bygfoot-2.3.2/src/options_callbacks.c:68:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%sbygfoot_%s.conf", conf_dir, G_DIR_SEPARATOR_S, current_user.name); data/bygfoot-2.3.2/src/options_callbacks.c:254:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%s%s%s", file_get_first_support_dir(), data/bygfoot-2.3.2/src/options_callbacks.c:260:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s", file_get_first_support_dir(), data/bygfoot-2.3.2/src/start_end.c:387:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s %s %s", data/bygfoot-2.3.2/src/start_end.c:423:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s %s %s", data/bygfoot-2.3.2/src/team.c:1080:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf3, _("%s (H) "), buf2); data/bygfoot-2.3.2/src/team.c:1086:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf3, _("<span background='%s' foreground='%s'>%s (A) </span> "), data/bygfoot-2.3.2/src/team.c:1096:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf3, _("%s (N) "), buf2); data/bygfoot-2.3.2/src/team.c:1101:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(buf4, buf3); data/bygfoot-2.3.2/src/team.c:1106:7: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf2, buf4); data/bygfoot-2.3.2/src/team.c:1107:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
  sprintf(buf4, "%s%s", buf3, buf2);
data/bygfoot-2.3.2/src/team.c:1110:7: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(neutral, buf3);
data/bygfoot-2.3.2/src/team.c:1114:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s", buf4, neutral);
data/bygfoot-2.3.2/src/team.c:1199:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "team_%s.xml", tm->def_file);
data/bygfoot-2.3.2/src/treeview.c:523:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:528:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:879:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[0], "<span background='%s'> ",
data/bygfoot-2.3.2/src/treeview.c:882:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[0], "<span background='%s'> ",
data/bygfoot-2.3.2/src/treeview.c:885:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[0], "<span background='%s'> ",
data/bygfoot-2.3.2/src/treeview.c:898:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf3, "%s%s%s", buf[0],
data/bygfoot-2.3.2/src/treeview.c:908:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[1], _("Attendance\n%s"), buf[0]);
data/bygfoot-2.3.2/src/treeview.c:916:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[0], _("<span background='%s'>There were technical problems\nin the stadium.</span>"),
data/bygfoot-2.3.2/src/treeview.c:919:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[0], _("<span background='%s'>There were riots\nin the stadium.</span>"),
data/bygfoot-2.3.2/src/treeview.c:922:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[0], _("<span background='%s'>There was a fire\nin the stadium.</span>"),
data/bygfoot-2.3.2/src/treeview.c:1033:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(round_name, "\n%s", g_array_index(cup_from_clid(fix->clid)->rounds, CupRound, fix->round).name);
data/bygfoot-2.3.2/src/treeview.c:1037:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span background='%s' foreground='%s'>%s%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1041:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1097:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[i], "<span background='%s' foreground='%s'>%s [%d]</span>",
data/bygfoot-2.3.2/src/treeview.c:1102:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[i], "<span background='%s' foreground='%s'>%s (%d)</span>",
data/bygfoot-2.3.2/src/treeview.c:1106:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[i], "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1109:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[2], "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1243:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, table->name);
data/bygfoot-2.3.2/src/treeview.c:1251:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("%s Group %d"), cup_from_clid(table->clid)->name, table_index + 1);
data/bygfoot-2.3.2/src/treeview.c:1253:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", cup_from_clid(table->clid)->name);
data/bygfoot-2.3.2/src/treeview.c:1303:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[0], "<span background='%s' foreground='%s'>%d</span>",
data/bygfoot-2.3.2/src/treeview.c:1308:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[1], "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1311:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf[1], "<span background='%s' foreground='%s'>%s (%s)</span>",
data/bygfoot-2.3.2/src/treeview.c:1570:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1582:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf2, buf);
data/bygfoot-2.3.2/src/treeview.c:1584:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1595:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1605:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1614:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span foreground='%s'>%s</span>", const_app("string_treeview_finances_expenses_fg"), buf);
data/bygfoot-2.3.2/src/treeview.c:1625:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf2, buf);
data/bygfoot-2.3.2/src/treeview.c:1627:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1642:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span foreground='%s'>%s (%.2f%% %s)</span>",
data/bygfoot-2.3.2/src/treeview.c:1656:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1672:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, _("%.1f months / %s"), ((gfloat)user->sponsor.contract) / 4, buf);
data/bygfoot-2.3.2/src/treeview.c:1791:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s\n<span foreground='%s'>", buf2,
data/bygfoot-2.3.2/src/treeview.c:1824:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, league_cup_get_name_string(fix->clid));
data/bygfoot-2.3.2/src/treeview.c:1826:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s (%s)", league_cup_get_name_string(fix->clid),
data/bygfoot-2.3.2/src/treeview.c:1836:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("<span foreground='%s' background='%s'>Week %d Round %d</span>"),
data/bygfoot-2.3.2/src/treeview.c:1841:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("<span foreground='%s' background='%s'>Week %d Round %d</span>"),
data/bygfoot-2.3.2/src/treeview.c:1863:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%d (%s)", rank,
data/bygfoot-2.3.2/src/treeview.c:1872:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, " (<span foreground='%s'>%+.1f</span>)",
data/bygfoot-2.3.2/src/treeview.c:1877:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, " (<span foreground='%s'>%+.1f</span>)",
data/bygfoot-2.3.2/src/treeview.c:1882:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview.c:1986:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "<span background='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1990:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(name, g_array_index(table_elements, TableElement, i).team->name);
data/bygfoot-2.3.2/src/treeview.c:2458:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:2501:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf3, "<span background='%s' foreground='%s'>%s (%s)</span>",
data/bygfoot-2.3.2/src/treeview.c:2733:22: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", "");
data/bygfoot-2.3.2/src/treeview.c:2734:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "flag_%s.png", (gchar*)dir_split_up[j]);
data/bygfoot-2.3.2/src/treeview.c:2796:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "\n<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:2804:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, g_array_index(help_list.list, Option, i).string_value);
data/bygfoot-2.3.2/src/treeview2.c:345:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, buf2);
data/bygfoot-2.3.2/src/treeview2.c:347:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview2.c:360:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(team_names[j], "%s [%d]",
data/bygfoot-2.3.2/src/treeview2.c:365:8: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(team_names[j], "%s (%d)",
data/bygfoot-2.3.2/src/treeview2.c:369:8: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(team_names[j], fix->teams[j]->name);
data/bygfoot-2.3.2/src/treeview2.c:487:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s (%d)", g_array_index(jobs, Job, i).league_name,
data/bygfoot-2.3.2/src/treeview2.c:598:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "\n<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview2.c:629:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span %s>%s</span>\n\n",
data/bygfoot-2.3.2/src/treeview_helper.c:941:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s %d ", titles[i], pl->career[i]);
data/bygfoot-2.3.2/src/treeview_helper.c:942:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:964:5: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buf2, format, goals_game, shot_perc);
data/bygfoot-2.3.2/src/treeview_helper.c:965:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:987:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, _("%s: %d weeks\n"),
data/bygfoot-2.3.2/src/treeview_helper.c:990:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:1021:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s: %d (%d)\n",
data/bygfoot-2.3.2/src/treeview_helper.c:1028:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, _("%s: %d (no limit)\n"),
data/bygfoot-2.3.2/src/treeview_helper.c:1032:6: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:1053:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s: %d/%d\n",
data/bygfoot-2.3.2/src/treeview_helper.c:1057:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:1087:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("%s (expected recovery in %d weeks)"),
data/bygfoot-2.3.2/src/treeview_helper.c:1186:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", pl->team->name);
data/bygfoot-2.3.2/src/treeview_helper.c:1188:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s (%s)", pl->team->name, pl->team->strategy_sid);
data/bygfoot-2.3.2/src/treeview_helper.c:1192:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, (idx == -1) ?
data/bygfoot-2.3.2/src/treeview_helper.c:1214:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, pl->name);
data/bygfoot-2.3.2/src/treeview_helper.c:1584:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview_helper.c:1715:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, fix->teams[!user_idx]->name);
data/bygfoot-2.3.2/src/treeview_helper.c:1885:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s\n%s", league_cup_get_name_string(article->clid), round_name);
data/bygfoot-2.3.2/src/treeview_helper.c:1888:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s", league_cup_get_name_string(article->clid));
data/bygfoot-2.3.2/src/treeview_helper.c:1890:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview_helper.c:1934:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview_helper.c:1982:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, job->country_name);
data/bygfoot-2.3.2/src/user.c:116:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s", g_array_index(lig(user->scout).teams, Team, rndom).name);
data/bygfoot-2.3.2/src/user.c:630:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("%s's injury was so severe that he can't play football on a professional level anymore. He leaves your team."), player_of_id_team(event->user->tm, event->value1)->name);
data/bygfoot-2.3.2/src/user.c:828:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You start the game with %s in the %s."),
data/bygfoot-2.3.2/src/user.c:834:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("%s fires you because of financial mismanagement.\nYou find a new job with %s in the %s."),
data/bygfoot-2.3.2/src/user.c:841:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("%s fires you because of unsuccessfulness.\nYou find a new job with %s in the %s."),
data/bygfoot-2.3.2/src/user.c:848:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("%s offer you a job in the %s.\nYou accept the challenge and leave %s."),
data/bygfoot-2.3.2/src/user.c:855:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You finish the season in the %s on rank %s."),
data/bygfoot-2.3.2/src/user.c:861:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You get promoted to the %s."),
data/bygfoot-2.3.2/src/user.c:866:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You get relegated to the %s."),
data/bygfoot-2.3.2/src/user.c:871:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You win the %s final against %s."),
data/bygfoot-2.3.2/src/user.c:877:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You lose in the %s final against %s."),
data/bygfoot-2.3.2/src/user.c:883:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You reach the %s (round %s) of the %s."),
data/bygfoot-2.3.2/src/user.c:890:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("You are champion of the %s!"),
data/bygfoot-2.3.2/src/user.c:1151:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(filename_local, filename);
data/bygfoot-2.3.2/src/user.c:1155:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(matches_file, "%s___mmatches", prefix->str);
data/bygfoot-2.3.2/src/user.c:1257:6: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(dest, filename);
data/bygfoot-2.3.2/src/user.c:1261:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, filename);
data/bygfoot-2.3.2/src/user.c:1273:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(dest, "%s.bmm.zip", buf);
data/bygfoot-2.3.2/src/user.h:76:25: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  __attribute__ ((format (printf, 6, 7)));
data/bygfoot-2.3.2/src/window.c:112:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s%shint_num",
data/bygfoot-2.3.2/src/window.c:150:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s%shint_num",
data/bygfoot-2.3.2/src/window.c:225:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s", picdir, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/window.c:272:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<span %s>Bygfoot Football Manager %s</span>\n(c) %s Győző Both (gyboth@bygfoot.com)\nhttp://bygfoot.sourceforge.net", const_app("string_help_window_program_name_attribute"), VERS, YEAR);
data/bygfoot-2.3.2/src/window.c:415:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s%ssaves", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/window.c:420:13: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%ssaves", pwd, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/window.c:747:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s%swindow_settings",
data/bygfoot-2.3.2/src/window.c:782:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(filename, "%s%swindow_settings",
data/bygfoot-2.3.2/src/window.c:817:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Bygfoot Football Manager %s", VERS);
data/bygfoot-2.3.2/src/window.c:835:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "Bygfoot Football Manager %s", VERS);
data/bygfoot-2.3.2/src/window.c:855:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, league_cup_get_name_string(((LiveGame*)statp)->fix->clid));
data/bygfoot-2.3.2/src/xml.c:65:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s___user_%02d_options",
data/bygfoot-2.3.2/src/xml.c:69:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s___user_%02d_live_game.xml",
data/bygfoot-2.3.2/src/xml.c:88:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml.c:89:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(team_file, "%s%s%s_teams.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:92:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("Loading league: %s"),
data/bygfoot-2.3.2/src/xml.c:101:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s_fixtures.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:104:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s_stat.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:120:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml.c:123:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, _("Loading cup: %s"),
data/bygfoot-2.3.2/src/xml.c:131:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120).
Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s_fixtures.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:146:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s%s%s___transfer_list.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_country.c:235:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "country_%s.xml", country_name);
data/bygfoot-2.3.2/src/xml_country.c:249:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, file_name);
data/bygfoot-2.3.2/src/xml_cup.c:502:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "cup_%s.xml", cup_name);
data/bygfoot-2.3.2/src/xml_cup.c:514:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, file_name);
data/bygfoot-2.3.2/src/xml_league.c:505:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "league_%s.xml", league_name);
data/bygfoot-2.3.2/src/xml_league.c:517:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(buf, file_name);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:302:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:315:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:406:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___cup_%d_fixtures.xml", prefix, cup->id);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:409:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___cup_%d.xml", prefix, cup->id);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:479:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___cup_%d_round_%02d_teams.xml",
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:483:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___cup_%d_round_%02d_teams.xml",
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:538:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___cup_%d_round_%02d_table_%02d.xml", basename, cup->id, round, i);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:541:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___cup_%d_round_%02d_table_%02d.xml", prefix, cup->id, round, i);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:177:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file, "%s%s%s___job_teams.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:180:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(file, "%s%s%s___jobs.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:215:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___job_teams.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:218:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___jobs.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:283:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:363:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___league_%d_teams.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:366:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___league_%d_fixtures.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:369:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___league_%d_stat.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:372:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___league_%d.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:409:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s___league_%d_table_%02d.xml", basename, league->id, i);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:412:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
sprintf(buf, "%s___league_%d_table_%02d.xml", prefix, league->id, i); data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:142:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file, "%s%s%s___leagues_cups.xml", dirname, G_DIR_SEPARATOR_S, prefix); data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:186:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___leagues_cups.xml", prefix); data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:194:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___league_%d.xml", basename, lig(i).id); data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:201:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___cup_%d.xml", basename, cp(i).id); data/bygfoot-2.3.2/src/xml_loadsave_misc.c:214:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file, "%s%s%s___misc.xml", dirname, G_DIR_SEPARATOR_S, basename); data/bygfoot-2.3.2/src/xml_loadsave_misc.c:255:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___misc.xml", prefix); data/bygfoot-2.3.2/src/xml_loadsave_newspaper.c:182:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s%s%s___newspaper.xml", dirname, G_DIR_SEPARATOR_S, prefix); data/bygfoot-2.3.2/src/xml_loadsave_newspaper.c:217:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___newspaper.xml", prefix); data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:165:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. sprintf(buf2, "%s%s%s", dirname2, G_DIR_SEPARATOR_S, buf); data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:190:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(filename, "%s%s%s___season_stats.xml", dirname, G_DIR_SEPARATOR_S, prefix); data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:226:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___season_stats.xml", prefix); data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:277:6: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___season_stats_league_stat_%02d-%02d.xml", prefix, i, j); data/bygfoot-2.3.2/src/xml_loadsave_transfers.c:223:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___transfer_list.xml", prefix); data/bygfoot-2.3.2/src/xml_loadsave_users.c:370:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(file, "%s%s%s___users.xml", dirname, G_DIR_SEPARATOR_S, basename); data/bygfoot-2.3.2/src/xml_loadsave_users.c:407:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___user_%02d_options", prefix, i); data/bygfoot-2.3.2/src/xml_loadsave_users.c:410:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s___user_%02d_live_game.xml", prefix, i); data/bygfoot-2.3.2/src/xml_loadsave_users.c:414:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
sprintf(buf, "%s___users.xml", prefix); data/bygfoot-2.3.2/src/xml_loadsave_users.c:433:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(buf, usr(i).sponsor.name->str); data/bygfoot-2.3.2/src/xml_mmatches.c:143:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(lg_file, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf); data/bygfoot-2.3.2/src/xml_mmatches.c:206:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%smmatches", prefix); data/bygfoot-2.3.2/src/xml_mmatches.c:229:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%slg%03d", basename, i); data/bygfoot-2.3.2/src/xml_mmatches.c:231:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%slg%03d", prefix, i); data/bygfoot-2.3.2/src/xml_name.c:137:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "player_names_%s.xml", sid); data/bygfoot-2.3.2/src/xml_strategy.c:559:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s%s%s", strategydir, G_DIR_SEPARATOR_S, data/bygfoot-2.3.2/src/debug.c:67:16: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
home = g_get_home_dir(); data/bygfoot-2.3.2/src/file.c:229:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/file.c:253:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/file.c:282:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/file.c:927:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/file.c:948:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. 
const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/file.c:983:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/load_save.c:363:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/main.c:355:28: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. sprintf(buf, "%s%s%s", g_get_home_dir(), G_DIR_SEPARATOR_S, HOMEDIRNAME); data/bygfoot-2.3.2/src/maths.c:48:19: [3] (random) g_rand_double: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. gdouble U1 = g_rand_double(rand_generator); data/bygfoot-2.3.2/src/maths.c:49:19: [3] (random) g_rand_double: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. gdouble U2 = g_rand_double(rand_generator); data/bygfoot-2.3.2/src/maths.h:36:31: [3] (random) g_rand_double_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). 
Use a more secure technique for acquiring random values. #define math_rnd(lower,upper) g_rand_double_range(rand_generator, lower, upper) data/bygfoot-2.3.2/src/maths.h:37:32: [3] (random) g_rand_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define math_rndi(lower,upper) g_rand_int_range(rand_generator, lower, upper + 1) data/bygfoot-2.3.2/src/training.c:159:38: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. skill_points = training_points - random; data/bygfoot-2.3.2/src/training.c:190:48: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. fitness_points = ((0.02 * number_camp) + (random / 100.0)) * -1; data/bygfoot-2.3.2/src/training.c:196:48: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. fitness_points = ((0.04 * number_camp) + (random / 100.0)) * -1; data/bygfoot-2.3.2/src/training.c:227:48: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. fitness_points = (((gfloat) training_points + random) / number_camp) / 100; data/bygfoot-2.3.2/src/training.c:268:42: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. 
recovery_points = (training_points + random) * number_camp; data/bygfoot-2.3.2/src/training.c:287:21: [3] (random) g_rand_int_range: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. random = (gint) g_rand_int_range(grand, min, max+1); //random() works until max -1 data/bygfoot-2.3.2/src/training.c:288:12: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return random; data/bygfoot-2.3.2/src/window.c:367:25: [3] (buffer) g_get_home_dir: This function is synonymous with 'getenv("HOME")';it returns untrustable input if the environment can beset by an attacker. It can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. const gchar *home = g_get_home_dir(); data/bygfoot-2.3.2/src/callback_func.c:464:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf3, _(" more")); data/bygfoot-2.3.2/src/callback_func.c:466:3: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf3, _(" less")); data/bygfoot-2.3.2/src/callback_func.c:636:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "spinbutton_contract%d", i + 1); data/bygfoot-2.3.2/src/cup.c:238:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(prefix, "NONAME"); data/bygfoot-2.3.2/src/cup.c:1094:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("Round robin")); data/bygfoot-2.3.2/src/cup.c:1102:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, _("Last %d"), (gint)rint(powf(2, cup->rounds->len - round))); data/bygfoot-2.3.2/src/cup.c:1105:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("Final")); data/bygfoot-2.3.2/src/cup.c:1108:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("Semi-final")); data/bygfoot-2.3.2/src/cup.c:1111:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(buf, _("Quarter-final")); data/bygfoot-2.3.2/src/cup.c:1277:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(prefix, "NONAME"); data/bygfoot-2.3.2/src/debug.c:79:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fil = fopen(buf, "a"); data/bygfoot-2.3.2/src/file.c:194:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *fil = fopen(filename, bits); data/bygfoot-2.3.2/src/file.c:200:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). *fil = fopen(support_file, bits); data/bygfoot-2.3.2/src/file.c:679:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(hints_file, "bygfoot_hints_en"); data/bygfoot-2.3.2/src/file.c:999:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fil = fopen(buf, "r"); data/bygfoot-2.3.2/src/fixture.c:1065:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "-- : --"); data/bygfoot-2.3.2/src/fixture.c:1068:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(local_buf, "%d - %d", math_sum_int_array(fix->result[idx0], 3), data/bygfoot-2.3.2/src/fixture.c:1072:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(local_buf, _(" p.")); data/bygfoot-2.3.2/src/fixture.c:1075:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(local_buf, _(" e.t.")); data/bygfoot-2.3.2/src/fixture.c:1801:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, _(" -- Second leg")); data/bygfoot-2.3.2/src/fixture.c:1803:6: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. 
strcat(buf, _(" -- First leg")); data/bygfoot-2.3.2/src/fixture.c:1806:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf, _(" -- Replay matches")); data/bygfoot-2.3.2/src/game.c:1027:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf2, _(" (P)")); data/bygfoot-2.3.2/src/game.c:1030:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf2, _(" (FK)")); data/bygfoot-2.3.2/src/game.c:1033:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf2, _(" (OG)")); data/bygfoot-2.3.2/src/game.c:1149:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf2, "%d", fix->round + 1); data/bygfoot-2.3.2/src/game_gui.c:85:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d.", live_game_unit_get_minute(unit)); data/bygfoot-2.3.2/src/game_gui.c:220:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(buf, "%.1f (%+.1f)", avskills[0], data/bygfoot-2.3.2/src/game_gui.c:351:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%.1f %.1f", data/bygfoot-2.3.2/src/game_gui.c:815:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("Click on OK to apply for the job. Click on CANCEL to close the window.")); data/bygfoot-2.3.2/src/game_gui.c:822:2: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buf2, _(" (NOTE: If you don't, the game is over for you.)")); data/bygfoot-2.3.2/src/game_gui.c:848:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%.1f", team_get_average_skill(tm, FALSE)); data/bygfoot-2.3.2/src/gui.c:53:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", number); data/bygfoot-2.3.2/src/language.c:251:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(buf, "en"); data/bygfoot-2.3.2/src/lg_commentary.c:154:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, "FIXME!"); data/bygfoot-2.3.2/src/lg_commentary.c:323:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d : %d", unit->result[0], unit->result[1]); data/bygfoot-2.3.2/src/lg_commentary.c:525:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", data/bygfoot-2.3.2/src/lg_commentary.c:529:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("ALL OUT DEFEND")); data/bygfoot-2.3.2/src/lg_commentary.c:532:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("DEFEND")); data/bygfoot-2.3.2/src/lg_commentary.c:535:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("BALANCED")); data/bygfoot-2.3.2/src/lg_commentary.c:538:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("ATTACK")); data/bygfoot-2.3.2/src/lg_commentary.c:541:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("ALL OUT ATTACK")); data/bygfoot-2.3.2/src/lg_commentary.c:544:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("ANTI")); data/bygfoot-2.3.2/src/lg_commentary.c:547:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("OFF")); data/bygfoot-2.3.2/src/lg_commentary.c:550:6: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf, _("ON")); data/bygfoot-2.3.2/src/live_game.c:1850:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, _("%d : %d p."), unit->result[idx], data/bygfoot-2.3.2/src/live_game.c:1854:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, _("%d : %d e.t."), unit->result[idx], data/bygfoot-2.3.2/src/live_game.c:1857:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d : %d", unit->result[idx], data/bygfoot-2.3.2/src/main.c:397:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd1 = open ("stdout.log", O_CREAT|O_WRONLY|O_TRUNC, 0666); data/bygfoot-2.3.2/src/main.c:399:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). int fd2 = open ("stderr.log", O_CREAT|O_WRONLY|O_TRUNC, 0666); data/bygfoot-2.3.2/src/misc.c:208:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf2, "%d", number); data/bygfoot-2.3.2/src/misc.c:215:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf2, "%d", math_get_place(number2, i)); data/bygfoot-2.3.2/src/misc.c:223:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf2, "- "); data/bygfoot-2.3.2/src/misc.c:621:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf2, "%d", value); data/bygfoot-2.3.2/src/misc2_callback_func.c:198:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "radiobutton_contract%d", i + 1); data/bygfoot-2.3.2/src/misc2_callback_func.c:203:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "spinbutton_contract%d", i + 1); data/bygfoot-2.3.2/src/misc3_callbacks.c:154:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, _("You bet on outcome %d with an odd of %.2f. How much do you wager?"), data/bygfoot-2.3.2/src/news.c:418:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(buf2, "league_"); data/bygfoot-2.3.2/src/news.c:524:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "string_token_bool_multiple_scorers%d", i); data/bygfoot-2.3.2/src/news.c:529:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "string_token_scorers%d", i); data/bygfoot-2.3.2/src/news.c:533:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buf, "string_token_highscorer%d", i); data/bygfoot-2.3.2/src/news.c:537:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "string_token_highscorer_goals%d", i); data/bygfoot-2.3.2/src/news.c:796:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "string_token_rank%d", i); data/bygfoot-2.3.2/src/news.c:798:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "string_token_oldrank%d", i); data/bygfoot-2.3.2/src/option_gui.c:515:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", CAMP_SCALE_MAX - gtk_spin_button_get_value_as_int( data/bygfoot-2.3.2/src/options_callbacks.c:188:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", CAMP_SCALE_MAX - gtk_spin_button_get_value_as_int(spinbutton)); data/bygfoot-2.3.2/src/start_end.c:141:6: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%d", team_get_league_rank(usr(i).tm, -1)); data/bygfoot-2.3.2/src/team.c:1059:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
    sprintf(buf2, _("W %d : %d"),
data/bygfoot-2.3.2/src/team.c:1065:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf2, _("L %d : %d"),
data/bygfoot-2.3.2/src/team.c:1070:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf2, _("Dw %d : %d"),
data/bygfoot-2.3.2/src/team.c:1150:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(result_buf, _("Dw "));
data/bygfoot-2.3.2/src/team.c:1154:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(result_buf, _("L "));
data/bygfoot-2.3.2/src/team.c:1157:6: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(result_buf, _("W "));
data/bygfoot-2.3.2/src/team.c:1160:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(goals_buf, "%d : %d", goals[0], goals[1]);
data/bygfoot-2.3.2/src/team.c:1408:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(results, "%d-%d-%d, %d:%d", won, lost, drawn, gf, ga);
data/bygfoot-2.3.2/src/treeview.c:521:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%3d.", live_game_unit_get_minute(unit));
data/bygfoot-2.3.2/src/treeview.c:567:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%3d.", unit->minute);
data/bygfoot-2.3.2/src/treeview.c:853:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(
data/bygfoot-2.3.2/src/treeview.c:877:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf[1], " </span>");
data/bygfoot-2.3.2/src/treeview.c:935:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf[j], "%d", stats->values[j][i]);
data/bygfoot-2.3.2/src/treeview.c:938:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf[j], "%d", (gint)rint(100 * ((gfloat)stats->values[j][i] /
data/bygfoot-2.3.2/src/treeview.c:1023:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf3, _("Week %d Round %d"), fix->week_number, fix->week_round_number);
data/bygfoot-2.3.2/src/treeview.c:1030:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf3, _("Week %d Round %d\nCup round %d"),
data/bygfoot-2.3.2/src/treeview.c:1318:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf[j], "%d", elem->values[j - 2]);
data/bygfoot-2.3.2/src/treeview.c:1320:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf[j], "%+d", elem->values[j - 2]);
data/bygfoot-2.3.2/src/treeview.c:1486:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.0f%%", current_user.tm->stadium.safety * 100);
data/bygfoot-2.3.2/src/treeview.c:1493:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("Improvement in progress.\n%d seats and %d%% safety still to be done.\nExpected finish: %d weeks."),
data/bygfoot-2.3.2/src/treeview.c:1546:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("Bi-weekly balance\n(Week %d and %d)"),
data/bygfoot-2.3.2/src/treeview.c:1549:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("Bi-weekly balance\n(Week %d and %d)"),
data/bygfoot-2.3.2/src/treeview.c:1553:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Bi-weekly balance"));
data/bygfoot-2.3.2/src/treeview.c:1635:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.2f%%", current_interest * 100);
data/bygfoot-2.3.2/src/treeview.c:1645:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("Debt (repay in %d weeks)"), user->counters[COUNT_USER_LOAN]);
data/bygfoot-2.3.2/src/treeview.c:1658:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("(starting week %d)"), user->alr_start_week);
data/bygfoot-2.3.2/src/treeview.c:1679:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d%%", user->youth_academy.percentage);
data/bygfoot-2.3.2/src/treeview.c:1796:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buf, "</span>");
data/bygfoot-2.3.2/src/treeview.c:1847:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf2, _("Neutral ground"));
data/bygfoot-2.3.2/src/treeview.c:1849:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf2, _("Home"));
data/bygfoot-2.3.2/src/treeview.c:1851:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf2, _("Away"));
data/bygfoot-2.3.2/src/treeview.c:1869:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.1f", team_get_average_skill(opp, TRUE));
data/bygfoot-2.3.2/src/treeview.c:1890:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", opp->structure);
data/bygfoot-2.3.2/src/treeview.c:2450:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d : %d",
data/bygfoot-2.3.2/src/treeview.c:2486:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.1f",
data/bygfoot-2.3.2/src/treeview.c:2490:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf2, "%.1f %%", (g_array_index(players[i], Stat, j).value3 > 0) ?
data/bygfoot-2.3.2/src/treeview.c:2494:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf2, "%.1f %%", (g_array_index(players[i], Stat, j).value3 > 0) ?
data/bygfoot-2.3.2/src/treeview.c:2505:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf4, "%d", g_array_index(players[i], Stat, j).value1);
data/bygfoot-2.3.2/src/treeview.c:2641:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("Season %d"), stat->season_number);
data/bygfoot-2.3.2/src/treeview.c:2691:13: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(current_country, "%.*s", (gint)strlen(current_country) - 1, &buf2[1]);
data/bygfoot-2.3.2/src/treeview2.c:626:17: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf2, _("Week %d Round %d"),
data/bygfoot-2.3.2/src/treeview_helper.c:523:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "LEAGUE%d", league_idx);
data/bygfoot-2.3.2/src/treeview_helper.c:784:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.1f", team_get_average_skill((Team*)team_pointer, FALSE));
data/bygfoot-2.3.2/src/treeview_helper.c:812:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", value);
data/bygfoot-2.3.2/src/treeview_helper.c:951:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(format, _("\nGoals/Game %.1f Save %% %.1f"));
data/bygfoot-2.3.2/src/treeview_helper.c:958:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(format, _("\nGoals/Game %.1f Shot %% %.1f"));
data/bygfoot-2.3.2/src/treeview_helper.c:1094:2: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("OK"));
data/bygfoot-2.3.2/src/treeview_helper.c:1147:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.*f", opt_int("int_opt_player_precision"), pl->skill);
data/bygfoot-2.3.2/src/treeview_helper.c:1169:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.*f", opt_int("int_opt_player_precision"), pl->age);
data/bygfoot-2.3.2/src/treeview_helper.c:1172:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.*f", opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1218:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buf, _(" (P)"));
data/bygfoot-2.3.2/src/treeview_helper.c:1259:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.*f", 1 + opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1297:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d(%d)", g_array_index(pl->cards, PlayerCard, 0).yellow,
data/bygfoot-2.3.2/src/treeview_helper.c:1300:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", g_array_index(pl->cards, PlayerCard, 0).yellow);
data/bygfoot-2.3.2/src/treeview_helper.c:1311:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d(%d)", yellow,
data/bygfoot-2.3.2/src/treeview_helper.c:1314:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", yellow);
data/bygfoot-2.3.2/src/treeview_helper.c:1363:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("INJ(%d)"), pl->recovery);
data/bygfoot-2.3.2/src/treeview_helper.c:1377:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("BAN(%d)"), ban);
data/bygfoot-2.3.2/src/treeview_helper.c:1390:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("OK"));
data/bygfoot-2.3.2/src/treeview_helper.c:1445:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d(%d)", player_games_goals_get(pl, clid, type),
data/bygfoot-2.3.2/src/treeview_helper.c:1448:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", player_games_goals_get(pl, clid, type));
data/bygfoot-2.3.2/src/treeview_helper.c:1462:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.*f%%", opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1498:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant string.
    strcpy(buf, _("G"));
data/bygfoot-2.3.2/src/treeview_helper.c:1506:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("D"));
data/bygfoot-2.3.2/src/treeview_helper.c:1514:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("M"));
data/bygfoot-2.3.2/src/treeview_helper.c:1522:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("F"));
data/bygfoot-2.3.2/src/treeview_helper.c:1548:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.*f", opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1738:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("W"));
data/bygfoot-2.3.2/src/treeview_helper.c:1749:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("L"));
data/bygfoot-2.3.2/src/treeview_helper.c:1756:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Dw"));
data/bygfoot-2.3.2/src/treeview_helper.c:1800:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.2f", bet->odds[column - 1]);
data/bygfoot-2.3.2/src/treeview_helper.c:1802:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d - %d", fix->result[0][0],
data/bygfoot-2.3.2/src/treeview_helper.c:1991:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%.1f", team_get_average_skill(job_get_team(job), FALSE));
data/bygfoot-2.3.2/src/treeview_helper.c:1993:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d", job->talent_percent);
data/bygfoot-2.3.2/src/user.c:270:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(prefix, "int_opt_user_pl%d_att", list_number);
data/bygfoot-2.3.2/src/user.c:633:3: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buf, _(" Fortunately he's got a cousin who can help your team out."));
data/bygfoot-2.3.2/src/user.c:825:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, "FIXME!!!");
data/bygfoot-2.3.2/src/user.c:1126:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("Your current sponsor is satisfied with your results and would like to renew the contract. Currently they're paying you %d a week."), current_user.sponsor.benefit);
data/bygfoot-2.3.2/src/user.c:1234:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(prefix, "___");
data/bygfoot-2.3.2/src/user.c:1269:2: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
    strcat(buf, ".bmm.zip");
data/bygfoot-2.3.2/src/window.c:90:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "(%d/%d)", counters[COUNT_HINT_NUMBER] + 1,
data/bygfoot-2.3.2/src/window.c:115:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fil = fopen(filename, "r");
data/bygfoot-2.3.2/src/window.c:153:11: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    fil = fopen(filename, "w");
data/bygfoot-2.3.2/src/window.c:645:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d%%", (gint)rint(tm->stadium.safety * 100));
data/bygfoot-2.3.2/src/window.c:648:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, "%d%%", (gint)rint(average_attendance_perc * 100));
data/bygfoot-2.3.2/src/window.c:654:2: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buf, _("Improvement in progress.\n%d seats and %d%% safety still to be done.\nExpected finish: %d weeks."),
data/bygfoot-2.3.2/src/window.c:865:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Erm..."));
data/bygfoot-2.3.2/src/window.c:882:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Numbers..."));
data/bygfoot-2.3.2/src/window.c:890:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Your stadium"));
data/bygfoot-2.3.2/src/window.c:898:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Job offer"));
data/bygfoot-2.3.2/src/window.c:906:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, "???");
data/bygfoot-2.3.2/src/window.c:914:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Options"));
data/bygfoot-2.3.2/src/window.c:922:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Select font"));
data/bygfoot-2.3.2/src/window.c:937:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Contract offer"));
data/bygfoot-2.3.2/src/window.c:945:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("User management"));
data/bygfoot-2.3.2/src/window.c:953:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, "Bygfoot debug window");
data/bygfoot-2.3.2/src/window.c:968:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Transfer offer"));
data/bygfoot-2.3.2/src/window.c:976:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Sponsorship offers"));
data/bygfoot-2.3.2/src/window.c:984:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Memorable matches"));
data/bygfoot-2.3.2/src/window.c:992:6: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Betting"));
data/bygfoot-2.3.2/src/window.c:1007:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Training camp"));
data/bygfoot-2.3.2/src/window.c:1015:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Automatic loan repayment"));
data/bygfoot-2.3.2/src/window.c:1023:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Bygfoot News"));
data/bygfoot-2.3.2/src/window.c:1031:9: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
    strcpy(buf, _("Bygfoot constants"));
data/bygfoot-2.3.2/src/file.c:170:6: [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    getchar();
data/bygfoot-2.3.2/src/file.c:547:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(buf, "");
data/bygfoot-2.3.2/src/file.c:548:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
    strcpy(opt_name, "");
data/bygfoot-2.3.2/src/file.c:549:5: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  Risk is low because the source is a constant character.
    strcpy(opt_value, "");
data/bygfoot-2.3.2/src/file.c:551:30: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while( (buf[0] == '#' || strlen(buf) == 0) &&
data/bygfoot-2.3.2/src/file.c:558:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(buf[0] != '#' && strlen(buf) != 0)
data/bygfoot-2.3.2/src/file.c:560:5: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if(strlen(buf) > 1000)
data/bygfoot-2.3.2/src/file.c:563:12: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(i=0;i<strlen(buf);i++)
data/bygfoot-2.3.2/src/file.c:570:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for(i=strlen(buf) - 1;i>0;i--)
data/bygfoot-2.3.2/src/file.c:643:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    opt_name[strlen(new.name) - (os_is_unix ? 5 : 6)] = '\0';
data/bygfoot-2.3.2/src/file.c:1003:24: [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    while ((c = (gchar)fgetc(fil)) != EOF)
data/bygfoot-2.3.2/src/game.c:1035:6: [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
strcpy(buf2, ""); data/bygfoot-2.3.2/src/game.c:1063:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/game.c:1080:5: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(buf) > 0) data/bygfoot-2.3.2/src/gui.c:47:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/gui.c:48:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf2, ""); data/bygfoot-2.3.2/src/language.c:59:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/language.c:120:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(local_code, "C"); data/bygfoot-2.3.2/src/language.c:143:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
gint len1 = strlen(def1), data/bygfoot-2.3.2/src/language.c:144:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len2 = strlen(def2), lenmin = MIN(len1, len2); data/bygfoot-2.3.2/src/language.c:255:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, cur_locale, 2); data/bygfoot-2.3.2/src/language.h:34:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define language_get_current_index() (strlen(opt_str("string_opt_language_code")) > 0) ? language_get_code_index(opt_str("string_opt_language_code")) : -1 data/bygfoot-2.3.2/src/lg_commentary.c:170:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(commentary->text) == 0 || data/bygfoot-2.3.2/src/load_save.c:62:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_strndup(filename, strlen(filename) - strlen(const_str("string_fs_save_suffix"))) : data/bygfoot-2.3.2/src/load_save.c:62:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_strndup(filename, strlen(filename) - strlen(const_str("string_fs_save_suffix"))) : data/bygfoot-2.3.2/src/load_save.c:198:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
g_strndup(basename, strlen(basename) - strlen(const_str("string_fs_save_suffix"))) : data/bygfoot-2.3.2/src/load_save.c:198:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_strndup(basename, strlen(basename) - strlen(const_str("string_fs_save_suffix"))) : data/bygfoot-2.3.2/src/main.c:161:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gchar *fullpath = (support_dir[strlen(support_dir)] == G_DIR_SEPARATOR) ? data/bygfoot-2.3.2/src/main.c:463:2: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/bygfoot-2.3.2/src/misc.c:107:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i=0;i<strlen(string);i++) data/bygfoot-2.3.2/src/misc.c:113:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(start == strlen(string)) data/bygfoot-2.3.2/src/misc.c:119:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(i=start;i<strlen(string) + 1;i++) data/bygfoot-2.3.2/src/misc.c:121:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(i < strlen(string) && !g_ascii_isspace(string[i])) data/bygfoot-2.3.2/src/misc.c:127:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(buf) > 0) data/bygfoot-2.3.2/src/misc.c:198:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/misc.c:218:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, " "); data/bygfoot-2.3.2/src/misc.c:228:2: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "0"); data/bygfoot-2.3.2/src/misc.c:555:30: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(occurrence == NULL || strlen(string) < strlen(token)) data/bygfoot-2.3.2/src/misc.c:555:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(occurrence == NULL || strlen(string) < strlen(token)) data/bygfoot-2.3.2/src/misc.c:560:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, string, strlen(string) - strlen(occurrence)); data/bygfoot-2.3.2/src/misc.c:560:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(buf, string, strlen(string) - strlen(occurrence)); data/bygfoot-2.3.2/src/misc.c:560:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(buf, string, strlen(string) - strlen(occurrence)); data/bygfoot-2.3.2/src/misc.c:561:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[strlen(string) - strlen(occurrence)] = '\0'; data/bygfoot-2.3.2/src/misc.c:561:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf[strlen(string) - strlen(occurrence)] = '\0'; data/bygfoot-2.3.2/src/misc.c:562:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strcpy(buf2, occurrence + strlen(token)); data/bygfoot-2.3.2/src/misc.c:586:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(string, ""); data/bygfoot-2.3.2/src/misc.c:589:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). i = strlen(buf) - strlen(occurrence); data/bygfoot-2.3.2/src/misc.c:589:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
i = strlen(buf) - strlen(occurrence); data/bygfoot-2.3.2/src/misc.c:591:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf2, buf, i); data/bygfoot-2.3.2/src/misc.c:595:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). occurrence2 = g_strstr_len(occurrence, strlen(occurrence), "]"); data/bygfoot-2.3.2/src/misc.c:603:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(buf) - strlen(occurrence2); data/bygfoot-2.3.2/src/misc.c:603:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). j = strlen(buf) - strlen(occurrence2); data/bygfoot-2.3.2/src/misc.c:605:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf2, buf + i + 1, j - i - 1); data/bygfoot-2.3.2/src/misc.c:628:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(last_idx < strlen(buf)) data/bygfoot-2.3.2/src/misc.c:630:6: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf2, buf + last_idx, strlen(buf) - last_idx); data/bygfoot-2.3.2/src/misc.c:630:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
strncpy(buf2, buf + last_idx, strlen(buf) - last_idx); data/bygfoot-2.3.2/src/misc.c:631:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf2[strlen(buf) - last_idx] = '\0'; data/bygfoot-2.3.2/src/misc.c:673:50: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const gchar *closepar = g_strstr_len(string, strlen(string), ")"); data/bygfoot-2.3.2/src/misc.c:674:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint len = strlen(openpar) - strlen(closepar) - 1; data/bygfoot-2.3.2/src/misc.c:674:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint len = strlen(openpar) - strlen(closepar) - 1; data/bygfoot-2.3.2/src/misc.c:676:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, openpar + 1, len); data/bygfoot-2.3.2/src/misc.c:786:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint len[2] = {strlen(string[0]), strlen(string[1])}; data/bygfoot-2.3.2/src/misc.c:786:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gint len[2] = {strlen(string[0]), strlen(string[1])}; data/bygfoot-2.3.2/src/misc.h:32:78: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
#define query_misc_string_contains(haystack, needle) (g_strstr_len(haystack, strlen(haystack), needle) != NULL) data/bygfoot-2.3.2/src/misc2_callback_func.c:254:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(user_name) > 0) data/bygfoot-2.3.2/src/misc_callback_func.c:153:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(player_name) > 0) data/bygfoot-2.3.2/src/news.c:416:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf2, ""); data/bygfoot-2.3.2/src/news.c:482:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/news.c:483:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(scorer_str, ""); data/bygfoot-2.3.2/src/news.c:484:9: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(high_scorer, ""); data/bygfoot-2.3.2/src/team.c:1047:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf4, ""); data/bygfoot-2.3.2/src/team.c:1048:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(neutral, ""); data/bygfoot-2.3.2/src/team.c:1134:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(result_buf, ""); data/bygfoot-2.3.2/src/treeview.c:872:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf[0], ""); data/bygfoot-2.3.2/src/treeview.c:873:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf[1], ""); data/bygfoot-2.3.2/src/treeview.c:1025:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(round_name, ""); data/bygfoot-2.3.2/src/treeview.c:1786:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. 
strcpy(buf2, ""); data/bygfoot-2.3.2/src/treeview.c:1789:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf2, "|"); data/bygfoot-2.3.2/src/treeview.c:1795:6: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(buf, "|"); data/bygfoot-2.3.2/src/treeview.c:2691:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). sprintf(current_country, "%.*s", (gint)strlen(current_country) - 1, &buf2[1]); data/bygfoot-2.3.2/src/treeview2.c:317:3: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview2.c:638:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:203:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if(strlen(opt_str("string_opt_font_name")) > 0) data/bygfoot-2.3.2/src/treeview_helper.c:348:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(filename != NULL && strlen(filename) != 0) data/bygfoot-2.3.2/src/treeview_helper.c:782:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:810:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:938:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:980:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:995:8: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(strlen(buf) > 0) data/bygfoot-2.3.2/src/treeview_helper.c:1011:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:1049:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:1120:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:1293:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, "0"); data/bygfoot-2.3.2/src/treeview_helper.c:1317:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, "0"); data/bygfoot-2.3.2/src/treeview_helper.c:1437:2: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, "0"); data/bygfoot-2.3.2/src/treeview_helper.c:1581:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). 
Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:1727:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/treeview_helper.c:1795:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/user.c:1152:49: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). g_string_append_len(prefix, filename_local, strlen(filename_local) - 8); data/bygfoot-2.3.2/src/user.c:1231:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(prefix, filename, strlen(filename) - 8); data/bygfoot-2.3.2/src/user.c:1231:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strncpy(prefix, filename, strlen(filename) - 8); data/bygfoot-2.3.2/src/user.c:1232:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). prefix[strlen(filename) - 8] = '\0'; data/bygfoot-2.3.2/src/user.c:1265:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buf[strlen(buf) - 4] = '\0'; data/bygfoot-2.3.2/src/window.c:873:6: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(buf, ""); data/bygfoot-2.3.2/src/xml.c:84:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gchar *prefix = g_strndup(basename, strlen(basename) - 4); data/bygfoot-2.3.2/src/xml.c:118:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gchar *prefix = g_strndup(basename, strlen(basename) - 4); data/bygfoot-2.3.2/src/xml_country.c:174:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_cup.c:384:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_league.c:368:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_lg_commentary.c:260:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_cup.c:227:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_fixtures.c:151:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:133:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_league.c:218:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_league_stat.c:163:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:112:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_live_game.c:196:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_misc.c:164:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_newspaper.c:135:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:151:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_table.c:131:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_teams.c:170:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_transfers.c:150:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_users.c:271:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_loadsave_users.c:323:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). new_history.string[idx] = (strlen(buf) == 0) ? NULL : g_strdup(buf); data/bygfoot-2.3.2/src/xml_mmatches.c:128:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_name.c:107:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_news.c:222:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_strategy.c:337:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). 
strncpy(buf, text, text_len); data/bygfoot-2.3.2/src/xml_team.c:197:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, text, text_len);

ANALYSIS SUMMARY:

Hits = 604
Lines analyzed = 64157 in approximately 4.35 seconds (14761 lines/second)
Physical Source Lines of Code (SLOC) = 47299
Hits@level = [0] 1226 [1] 130 [2] 171 [3] 21 [4] 282 [5] 0
Hits@level+ = [0+] 1830 [1+] 604 [2+] 474 [3+] 303 [4+] 282 [5+] 0
Hits/KSLOC@level+ = [0+] 38.69 [1+] 12.7698 [2+] 10.0214 [3+] 6.40606 [4+] 5.96207 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.