Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/bygfoot-2.3.2/src/gui.h
Examining data/bygfoot-2.3.2/src/misc2_interface.c
Examining data/bygfoot-2.3.2/src/training_interface.h
Examining data/bygfoot-2.3.2/src/xml_lg_commentary.c
Examining data/bygfoot-2.3.2/src/xml_news.c
Examining data/bygfoot-2.3.2/src/option_gui.h
Examining data/bygfoot-2.3.2/src/cup.h
Examining data/bygfoot-2.3.2/src/training_interface.c
Examining data/bygfoot-2.3.2/src/treeview2.c
Examining data/bygfoot-2.3.2/src/game_gui.c
Examining data/bygfoot-2.3.2/src/callbacks.h
Examining data/bygfoot-2.3.2/src/xml_cup.h
Examining data/bygfoot-2.3.2/src/team.c
Examining data/bygfoot-2.3.2/src/lg_commentary_struct.h
Examining data/bygfoot-2.3.2/src/fixture.c
Examining data/bygfoot-2.3.2/src/main.c
Examining data/bygfoot-2.3.2/src/training_callbacks.c
Examining data/bygfoot-2.3.2/src/misc.h
Examining data/bygfoot-2.3.2/src/live_game.c
Examining data/bygfoot-2.3.2/src/interface.c
Examining data/bygfoot-2.3.2/src/player_struct.h
Examining data/bygfoot-2.3.2/src/job_struct.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_table.c
Examining data/bygfoot-2.3.2/src/gui.c
Examining data/bygfoot-2.3.2/src/xml_name.c
Examining data/bygfoot-2.3.2/src/language.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_league.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_teams.c
Examining data/bygfoot-2.3.2/src/free.h
Examining data/bygfoot-2.3.2/src/user.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_cup.c
Examining data/bygfoot-2.3.2/src/stat_struct.h
Examining data/bygfoot-2.3.2/src/misc_interface.h
Examining data/bygfoot-2.3.2/src/free.c
Examining data/bygfoot-2.3.2/src/transfer.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_newspaper.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_cup.h
Examining data/bygfoot-2.3.2/src/xml_league.h
Examining data/bygfoot-2.3.2/src/misc3_interface.c
Examining data/bygfoot-2.3.2/src/main.h
Examining data/bygfoot-2.3.2/src/load_save.h
Examining data/bygfoot-2.3.2/src/maths.c
Examining data/bygfoot-2.3.2/src/youth_academy_struct.h
Examining data/bygfoot-2.3.2/src/misc2_callback_func.c
Examining data/bygfoot-2.3.2/src/xml_country.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_misc.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_teams.h
Examining data/bygfoot-2.3.2/src/player.c
Examining data/bygfoot-2.3.2/src/user.h
Examining data/bygfoot-2.3.2/src/treeview.h
Examining data/bygfoot-2.3.2/src/misc_callbacks.c
Examining data/bygfoot-2.3.2/src/strategy_struct.h
Examining data/bygfoot-2.3.2/src/debug.c
Examining data/bygfoot-2.3.2/src/stat.c
Examining data/bygfoot-2.3.2/src/training_callbacks.h
Examining data/bygfoot-2.3.2/src/debug.h
Examining data/bygfoot-2.3.2/src/fixture_struct.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_fixtures.h
Examining data/bygfoot-2.3.2/src/xml_league.c
Examining data/bygfoot-2.3.2/src/xml_name.h
Examining data/bygfoot-2.3.2/src/game.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_transfers.h
Examining data/bygfoot-2.3.2/src/misc2_interface.h
Examining data/bygfoot-2.3.2/src/xml_strategy.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_league_stat.h
Examining data/bygfoot-2.3.2/src/youth_academy.h
Examining data/bygfoot-2.3.2/src/start_end.c
Examining data/bygfoot-2.3.2/src/misc_callback_func.h
Examining data/bygfoot-2.3.2/src/transfer.c
Examining data/bygfoot-2.3.2/src/option.h
Examining data/bygfoot-2.3.2/src/league_table_interface.h
Examining data/bygfoot-2.3.2/src/xml_team.h
Examining data/bygfoot-2.3.2/src/nonsourcestrings.c
Examining data/bygfoot-2.3.2/src/youth_academy.c
Examining data/bygfoot-2.3.2/src/training_struct.h
Examining data/bygfoot-2.3.2/src/treeview.c
Examining data/bygfoot-2.3.2/src/live_game.h
Examining data/bygfoot-2.3.2/src/misc2_callbacks.c
Examining data/bygfoot-2.3.2/src/transfer_struct.h
Examining data/bygfoot-2.3.2/src/cup.c
Examining data/bygfoot-2.3.2/src/lg_commentary.c
Examining data/bygfoot-2.3.2/src/misc.c
Examining data/bygfoot-2.3.2/src/finance.c
Examining data/bygfoot-2.3.2/src/xml_country.c
Examining data/bygfoot-2.3.2/src/interface.h
Examining data/bygfoot-2.3.2/src/callback_func.c
Examining data/bygfoot-2.3.2/src/finance.h
Examining data/bygfoot-2.3.2/src/team_struct.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_newspaper.c
Examining data/bygfoot-2.3.2/src/option_struct.h
Examining data/bygfoot-2.3.2/src/name.h
Examining data/bygfoot-2.3.2/src/options_interface.h
Examining data/bygfoot-2.3.2/src/enums.h
Examining data/bygfoot-2.3.2/src/table.h
Examining data/bygfoot-2.3.2/src/option_gui.c
Examining data/bygfoot-2.3.2/src/league_struct.h
Examining data/bygfoot-2.3.2/src/xml.c
Examining data/bygfoot-2.3.2/src/news.h
Examining data/bygfoot-2.3.2/src/xml_news.h
Examining data/bygfoot-2.3.2/src/window.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_users.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_transfers.c
Examining data/bygfoot-2.3.2/src/misc2_callback_func.h
Examining data/bygfoot-2.3.2/src/name_struct.h
Examining data/bygfoot-2.3.2/src/job.h
Examining data/bygfoot-2.3.2/src/gettext_macros.h
Examining data/bygfoot-2.3.2/src/misc3_interface.h
Examining data/bygfoot-2.3.2/src/lg_commentary.h
Examining data/bygfoot-2.3.2/src/bet.c
Examining data/bygfoot-2.3.2/src/league_table_callbacks.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_season_stats.h
Examining data/bygfoot-2.3.2/src/strategy.h
Examining data/bygfoot-2.3.2/src/xml_cup.c
Examining data/bygfoot-2.3.2/src/league_table_callbacks.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_table.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_live_game.c
Examining data/bygfoot-2.3.2/src/misc_interface.c
Examining data/bygfoot-2.3.2/src/game.c
Examining data/bygfoot-2.3.2/src/load_save.c
Examining data/bygfoot-2.3.2/src/league.h
Examining data/bygfoot-2.3.2/src/stat.h
Examining data/bygfoot-2.3.2/src/misc_callback_func.c
Examining data/bygfoot-2.3.2/src/xml.h
Examining data/bygfoot-2.3.2/src/treeview_helper.c
Examining data/bygfoot-2.3.2/src/callback_func.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_league_stat.c
Examining data/bygfoot-2.3.2/src/xml_lg_commentary.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_players.c
Examining data/bygfoot-2.3.2/src/table.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_live_game.h
Examining data/bygfoot-2.3.2/src/misc3_callbacks.c
Examining data/bygfoot-2.3.2/src/bygfoot_private.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_misc.h
Examining data/bygfoot-2.3.2/src/name.c
Examining data/bygfoot-2.3.2/src/news.c
Examining data/bygfoot-2.3.2/src/variables.h
Examining data/bygfoot-2.3.2/src/bet.h
Examining data/bygfoot-2.3.2/src/misc2_callbacks.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_users.h
Examining data/bygfoot-2.3.2/src/strategy.c
Examining data/bygfoot-2.3.2/src/xml_loadsave_jobs.h
Examining data/bygfoot-2.3.2/src/cup_struct.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_fixtures.c
Examining data/bygfoot-2.3.2/src/maths.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_jobs.c
Examining data/bygfoot-2.3.2/src/team.h
Examining data/bygfoot-2.3.2/src/xml_mmatches.h
Examining data/bygfoot-2.3.2/src/player.h
Examining data/bygfoot-2.3.2/src/language.h
Examining data/bygfoot-2.3.2/src/fixture.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c
Examining data/bygfoot-2.3.2/src/xml_team.c
Examining data/bygfoot-2.3.2/src/bet_struct.h
Examining data/bygfoot-2.3.2/src/table_struct.h
Examining data/bygfoot-2.3.2/src/file.h
Examining data/bygfoot-2.3.2/src/xml_mmatches.c
Examining data/bygfoot-2.3.2/src/user_struct.h
Examining data/bygfoot-2.3.2/src/start_end.h
Examining data/bygfoot-2.3.2/src/window.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_players.h
Examining data/bygfoot-2.3.2/src/news_struct.h
Examining data/bygfoot-2.3.2/src/support.h
Examining data/bygfoot-2.3.2/src/job.c
Examining data/bygfoot-2.3.2/src/option.c
Examining data/bygfoot-2.3.2/src/treeview_helper.h
Examining data/bygfoot-2.3.2/src/file.c
Examining data/bygfoot-2.3.2/src/options_callbacks.c
Examining data/bygfoot-2.3.2/src/misc_callbacks.h
Examining data/bygfoot-2.3.2/src/callbacks.c
Examining data/bygfoot-2.3.2/src/xml_strategy.c
Examining data/bygfoot-2.3.2/src/options_callbacks.h
Examining data/bygfoot-2.3.2/src/live_game_struct.h
Examining data/bygfoot-2.3.2/src/treeview2.h
Examining data/bygfoot-2.3.2/src/training.c
Examining data/bygfoot-2.3.2/src/game_gui.h
Examining data/bygfoot-2.3.2/src/xml_loadsave_league.h
Examining data/bygfoot-2.3.2/src/league_table_interface.c
Examining data/bygfoot-2.3.2/src/support.c
Examining data/bygfoot-2.3.2/src/misc3_callbacks.h
Examining data/bygfoot-2.3.2/src/league.c
Examining data/bygfoot-2.3.2/src/options_interface.c
Examining data/bygfoot-2.3.2/src/training.h
Examining data/bygfoot-2.3.2/src/bygfoot.h
FINAL RESULTS:
data/bygfoot-2.3.2/src/callback_func.c:395:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You can take out at most %s."), buf2);
data/bygfoot-2.3.2/src/callback_func.c:425:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You can pay back at most %s"), buf2);
data/bygfoot-2.3.2/src/callback_func.c:468:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("%s would like to buy %s. They offer %s for him, which is %s than the player's value. Do you accept?"), transoff(idx, 0).tm->name,
data/bygfoot-2.3.2/src/callback_func.c:512:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You offered a transfer fee of %s and a wage of %s for %s. The owners and the player are satisfied with your offer. Do you still want to buy the player?"),
data/bygfoot-2.3.2/src/callback_func.c:571:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You are making an offer for %s. Your scout's recommendations for fee and wage are preset."),
data/bygfoot-2.3.2/src/callback_func.c:579:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You are making an offer for %s again. Your previous values for fee and wage are preset."),
data/bygfoot-2.3.2/src/callback_func.c:629:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You are negotiating with %s about a new contract. Pay attention to what you're doing; if you don't come to terms with him within %d offers, he's going to leave your team after his current contract expires (unless you sell him). You may only abort BEFORE making the first offer.\nYour scout's recommendations are preset:"),
data/bygfoot-2.3.2/src/callback_func.c:771:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You want to fire %s. Since his contract expires in %.1f years, he demands a compensation of %s. Do you accept?"), pl->name, pl->contract, buf2);
data/bygfoot-2.3.2/src/cup.c:1230:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "string_cup_%s",
data/bygfoot-2.3.2/src/debug.c:64:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "%s %s\n", logtime_string, buf);
data/bygfoot-2.3.2/src/debug.c:70:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%sbygfoot.log", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/debug.c:75:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%sbygfoot.log", pwd, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/file.c:163:8: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
if(system(command->str) != 0)
data/bygfoot-2.3.2/src/file.c:234:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", home, G_DIR_SEPARATOR_S, dirs[i]);
data/bygfoot-2.3.2/src/file.c:259:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%s%s", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:285:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%s%s", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:295:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%s%s%s%s", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:303:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:310:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", dirname, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:316:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%s%s", basename, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:384:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("Copying %s"), filename);
data/bygfoot-2.3.2/src/file.c:506:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", g_strdup(country_structure),
data/bygfoot-2.3.2/src/file.c:642:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(opt_name, new.name);
data/bygfoot-2.3.2/src/file.c:673:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(hints_file, "bygfoot_hints_%s", buf);
data/bygfoot-2.3.2/src/file.c:720:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "bygfoot_%s.conf", user->name);
data/bygfoot-2.3.2/src/file.c:931:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dir, "%s%s%s", home, G_DIR_SEPARATOR_S, HOMEDIRNAME);
data/bygfoot-2.3.2/src/file.c:933:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dir, "%s%s", pwd, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/file.c:952:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%ssaves%s%s", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:958:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%ssaves%s%s", pwd, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:988:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%ssaves%s%s", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/file.c:994:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%ssaves%s%s", pwd, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/fixture.c:1078:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s (%d - %d)", local_buf,
data/bygfoot-2.3.2/src/fixture.c:1082:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, local_buf);
data/bygfoot-2.3.2/src/game.c:1047:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %d%s",
data/bygfoot-2.3.2/src/game.c:1057:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %d%s", player_name,
data/bygfoot-2.3.2/src/game.c:1066:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", player_of_id_team(tm[team], player)->name);
data/bygfoot-2.3.2/src/game.c:1071:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", player_of_id_team(tm[team], player2)->name);
data/bygfoot-2.3.2/src/game.c:1076:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", player_of_id_team(tm[team], player)->name);
data/bygfoot-2.3.2/src/game_gui.c:806:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("The team owners have fired you because of financial mismanagement. Luckily, the owners of %s have heard of your dismissal and offer you a job. Here's some information on %s:"),
data/bygfoot-2.3.2/src/game_gui.c:809:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("The team owners have fired you because of unsuccessfulness. Luckily, the owners of %s have heard of your dismissal and offer you a job. Here's some information on %s:"),
data/bygfoot-2.3.2/src/game_gui.c:812:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("The owners of %s are deeply impressed by your success with %s and would like to hire you. Here's some information on %s:"),
data/bygfoot-2.3.2/src/game_gui.c:817:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, (type != STATUS_JOB_EXCHANGE_SHOW_TEAM) ?
data/bygfoot-2.3.2/src/game_gui.h:59:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/bygfoot-2.3.2/src/game_gui.h:68:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/bygfoot-2.3.2/src/game_gui.h:80:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 1, 2)));
data/bygfoot-2.3.2/src/gui.c:56:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s", buf);
data/bygfoot-2.3.2/src/gui.c:58:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%s", current_text, buf);
data/bygfoot-2.3.2/src/language.c:57:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, (gchar*)g_ptr_array_index(codes, index - 1));
data/bygfoot-2.3.2/src/language.c:66:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%slocale", dir, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/language.c:69:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, dir);
data/bygfoot-2.3.2/src/language.c:117:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_code, code);
data/bygfoot-2.3.2/src/language.c:259:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, opt_str("string_opt_language_code"));
data/bygfoot-2.3.2/src/lg_commentary.c:649:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(commentary_file, "lg_commentary_%s.xml", buf);
data/bygfoot-2.3.2/src/load_save.c:82:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___options", prefix);
data/bygfoot-2.3.2/src/load_save.c:84:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___settings", prefix);
data/bygfoot-2.3.2/src/load_save.c:163:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___", prefix);
data/bygfoot-2.3.2/src/load_save.c:378:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%ssaves%s%s_%02d.zip", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/load_save.c:384:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%ssaves%s%s_%02d.zip", pwd, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/load_save.c:417:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "autosave_%s_%s_%s_S%02d_W%02d",
data/bygfoot-2.3.2/src/main.c:355:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", g_get_home_dir(), G_DIR_SEPARATOR_S, HOMEDIRNAME);
data/bygfoot-2.3.2/src/main.c:361:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%ssupport_files", dir, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/main.c:364:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%ssaves", dir, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/main.h:40:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((noreturn, format (printf, 2, 3)));
data/bygfoot-2.3.2/src/misc.c:209:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/misc.c:216:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/misc.c:224:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf2, buf);
data/bygfoot-2.3.2/src/misc.c:225:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", buf2);
data/bygfoot-2.3.2/src/misc.c:541:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, array[count]);
data/bygfoot-2.3.2/src/misc.c:562:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, occurrence + strlen(token));
data/bygfoot-2.3.2/src/misc.c:563:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "%s%s%s", buf, replacement, buf2);
data/bygfoot-2.3.2/src/misc.c:585:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, string);
data/bygfoot-2.3.2/src/misc.c:593:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, buf2);
data/bygfoot-2.3.2/src/misc.c:623:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, buf2);
data/bygfoot-2.3.2/src/misc.c:632:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, buf2);
data/bygfoot-2.3.2/src/misc.c:662:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "(%s)", paren);
data/bygfoot-2.3.2/src/misc.c:687:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, condition);
data/bygfoot-2.3.2/src/misc.c:701:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, buf);
data/bygfoot-2.3.2/src/misc.c:763:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, text_tokens);
data/bygfoot-2.3.2/src/misc.c:767:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, dest);
data/bygfoot-2.3.2/src/misc2_callbacks.c:412:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("Remove user %s from the game?"), usr(idx).name);
data/bygfoot-2.3.2/src/name.c:94:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s", name_get_random_first_name(namelist),
data/bygfoot-2.3.2/src/news.c:77:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(title_small, "%s %s %s",
data/bygfoot-2.3.2/src/news.c:420:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "string_token_streak_%swon%d", buf2, i);
data/bygfoot-2.3.2/src/news.c:424:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "string_token_streak_%slost%d", buf2, i);
data/bygfoot-2.3.2/src/news.c:428:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "string_token_streak_%sunbeaten%d", buf2, i);
data/bygfoot-2.3.2/src/news.c:494:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(high_scorer, scorer);
data/bygfoot-2.3.2/src/news.c:500:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scorer_str, "%s (%d)", scorer, scorer_goals);
data/bygfoot-2.3.2/src/news.c:502:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scorer_str, "%s", scorer);
data/bygfoot-2.3.2/src/news.c:507:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scorer_str, _("%s and %s (%d)"), buf, scorer, scorer_goals);
data/bygfoot-2.3.2/src/news.c:509:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scorer_str, _("%s and %s"), buf, scorer);
data/bygfoot-2.3.2/src/news.c:514:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scorer_str, "%s, %s (%d)", buf, scorer, scorer_goals);
data/bygfoot-2.3.2/src/news.c:516:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(scorer_str, "%s, %s", buf, scorer);
data/bygfoot-2.3.2/src/news.c:519:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, scorer_str);
data/bygfoot-2.3.2/src/news.c:843:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(news_file, "news_%s.xml", buf);
data/bygfoot-2.3.2/src/options_callbacks.c:59:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%sbygfoot.conf", conf_dir, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/options_callbacks.c:66:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%sbygfoot_user.conf", conf_dir, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/options_callbacks.c:68:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%sbygfoot_%s.conf", conf_dir, G_DIR_SEPARATOR_S, current_user.name);
data/bygfoot-2.3.2/src/options_callbacks.c:254:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", file_get_first_support_dir(),
data/bygfoot-2.3.2/src/options_callbacks.c:260:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", file_get_first_support_dir(),
data/bygfoot-2.3.2/src/start_end.c:387:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s %s %s",
data/bygfoot-2.3.2/src/start_end.c:423:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s %s %s",
data/bygfoot-2.3.2/src/team.c:1080:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf3, _("%s (H) "), buf2);
data/bygfoot-2.3.2/src/team.c:1086:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf3, _("<span background='%s' foreground='%s'>%s (A) </span> "),
data/bygfoot-2.3.2/src/team.c:1096:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf3, _("%s (N) "), buf2);
data/bygfoot-2.3.2/src/team.c:1101:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf4, buf3);
data/bygfoot-2.3.2/src/team.c:1106:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, buf4);
data/bygfoot-2.3.2/src/team.c:1107:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf4, "%s%s", buf3, buf2);
data/bygfoot-2.3.2/src/team.c:1110:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(neutral, buf3);
data/bygfoot-2.3.2/src/team.c:1114:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s", buf4, neutral);
data/bygfoot-2.3.2/src/team.c:1199:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "team_%s.xml", tm->def_file);
data/bygfoot-2.3.2/src/treeview.c:523:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:528:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:879:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], "<span background='%s'> ",
data/bygfoot-2.3.2/src/treeview.c:882:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], "<span background='%s'> ",
data/bygfoot-2.3.2/src/treeview.c:885:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], "<span background='%s'> ",
data/bygfoot-2.3.2/src/treeview.c:898:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf3, "%s%s%s", buf[0],
data/bygfoot-2.3.2/src/treeview.c:908:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[1], _("Attendance\n%s"), buf[0]);
data/bygfoot-2.3.2/src/treeview.c:916:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], _("<span background='%s'>There were technical problems\nin the stadium.</span>"),
data/bygfoot-2.3.2/src/treeview.c:919:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], _("<span background='%s'>There were riots\nin the stadium.</span>"),
data/bygfoot-2.3.2/src/treeview.c:922:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], _("<span background='%s'>There was a fire\nin the stadium.</span>"),
data/bygfoot-2.3.2/src/treeview.c:1033:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(round_name, "\n%s", g_array_index(cup_from_clid(fix->clid)->rounds, CupRound, fix->round).name);
data/bygfoot-2.3.2/src/treeview.c:1037:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span background='%s' foreground='%s'>%s%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1041:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1097:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[i], "<span background='%s' foreground='%s'>%s [%d]</span>",
data/bygfoot-2.3.2/src/treeview.c:1102:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[i], "<span background='%s' foreground='%s'>%s (%d)</span>",
data/bygfoot-2.3.2/src/treeview.c:1106:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[i], "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1109:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[2], "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1243:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, table->name);
data/bygfoot-2.3.2/src/treeview.c:1251:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("%s Group %d"), cup_from_clid(table->clid)->name, table_index + 1);
data/bygfoot-2.3.2/src/treeview.c:1253:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", cup_from_clid(table->clid)->name);
data/bygfoot-2.3.2/src/treeview.c:1303:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[0], "<span background='%s' foreground='%s'>%d</span>",
data/bygfoot-2.3.2/src/treeview.c:1308:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[1], "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1311:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf[1], "<span background='%s' foreground='%s'>%s (%s)</span>",
data/bygfoot-2.3.2/src/treeview.c:1570:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1582:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, buf);
data/bygfoot-2.3.2/src/treeview.c:1584:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1595:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1605:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1614:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span foreground='%s'>%s</span>", const_app("string_treeview_finances_expenses_fg"), buf);
data/bygfoot-2.3.2/src/treeview.c:1625:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf2, buf);
data/bygfoot-2.3.2/src/treeview.c:1627:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1642:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span foreground='%s'>%s (%.2f%% %s)</span>",
data/bygfoot-2.3.2/src/treeview.c:1656:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1672:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, _("%.1f months / %s"), ((gfloat)user->sponsor.contract) / 4, buf);
data/bygfoot-2.3.2/src/treeview.c:1791:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s\n<span foreground='%s'>", buf2,
data/bygfoot-2.3.2/src/treeview.c:1824:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, league_cup_get_name_string(fix->clid));
data/bygfoot-2.3.2/src/treeview.c:1826:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s (%s)", league_cup_get_name_string(fix->clid),
data/bygfoot-2.3.2/src/treeview.c:1836:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("<span foreground='%s' background='%s'>Week %d Round %d</span>"),
data/bygfoot-2.3.2/src/treeview.c:1841:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("<span foreground='%s' background='%s'>Week %d Round %d</span>"),
data/bygfoot-2.3.2/src/treeview.c:1863:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%d (%s)", rank,
data/bygfoot-2.3.2/src/treeview.c:1872:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, " (<span foreground='%s'>%+.1f</span>)",
data/bygfoot-2.3.2/src/treeview.c:1877:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, " (<span foreground='%s'>%+.1f</span>)",
data/bygfoot-2.3.2/src/treeview.c:1882:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview.c:1986:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "<span background='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:1990:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, g_array_index(table_elements, TableElement, i).team->name);
data/bygfoot-2.3.2/src/treeview.c:2458:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "<span background='%s' foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:2501:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf3, "<span background='%s' foreground='%s'>%s (%s)</span>",
data/bygfoot-2.3.2/src/treeview.c:2733:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", "");
data/bygfoot-2.3.2/src/treeview.c:2734:15: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "flag_%s.png", (gchar*)dir_split_up[j]);
data/bygfoot-2.3.2/src/treeview.c:2796:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "\n<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview.c:2804:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, g_array_index(help_list.list, Option, i).string_value);
data/bygfoot-2.3.2/src/treeview2.c:345:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, buf2);
data/bygfoot-2.3.2/src/treeview2.c:347:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span foreground='%s'>%s</span>",
data/bygfoot-2.3.2/src/treeview2.c:360:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(team_names[j], "%s [%d]",
data/bygfoot-2.3.2/src/treeview2.c:365:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(team_names[j], "%s (%d)",
data/bygfoot-2.3.2/src/treeview2.c:369:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(team_names[j], fix->teams[j]->name);
data/bygfoot-2.3.2/src/treeview2.c:487:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s (%d)", g_array_index(jobs, Job, i).league_name,
data/bygfoot-2.3.2/src/treeview2.c:598:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "\n<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview2.c:629:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span %s>%s</span>\n\n",
data/bygfoot-2.3.2/src/treeview_helper.c:941:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s %d ", titles[i], pl->career[i]);
data/bygfoot-2.3.2/src/treeview_helper.c:942:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:964:5: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(buf2, format, goals_game, shot_perc);
data/bygfoot-2.3.2/src/treeview_helper.c:965:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:987:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, _("%s: %d weeks\n"),
data/bygfoot-2.3.2/src/treeview_helper.c:990:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:1021:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s: %d (%d)\n",
data/bygfoot-2.3.2/src/treeview_helper.c:1028:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, _("%s: %d (no limit)\n"),
data/bygfoot-2.3.2/src/treeview_helper.c:1032:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:1053:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s: %d/%d\n",
data/bygfoot-2.3.2/src/treeview_helper.c:1057:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, buf2);
data/bygfoot-2.3.2/src/treeview_helper.c:1087:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("%s (expected recovery in %d weeks)"),
data/bygfoot-2.3.2/src/treeview_helper.c:1186:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", pl->team->name);
data/bygfoot-2.3.2/src/treeview_helper.c:1188:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s (%s)", pl->team->name, pl->team->strategy_sid);
data/bygfoot-2.3.2/src/treeview_helper.c:1192:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, (idx == -1) ?
data/bygfoot-2.3.2/src/treeview_helper.c:1214:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, pl->name);
data/bygfoot-2.3.2/src/treeview_helper.c:1584:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview_helper.c:1715:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, fix->teams[!user_idx]->name);
data/bygfoot-2.3.2/src/treeview_helper.c:1885:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s\n%s", league_cup_get_name_string(article->clid), round_name);
data/bygfoot-2.3.2/src/treeview_helper.c:1888:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s", league_cup_get_name_string(article->clid));
data/bygfoot-2.3.2/src/treeview_helper.c:1890:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview_helper.c:1934:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span %s>%s</span>",
data/bygfoot-2.3.2/src/treeview_helper.c:1982:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, job->country_name);
data/bygfoot-2.3.2/src/user.c:116:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s", g_array_index(lig(user->scout).teams, Team, rndom).name);
data/bygfoot-2.3.2/src/user.c:630:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("%s's injury was so severe that he can't play football on a professional level anymore. He leaves your team."), player_of_id_team(event->user->tm, event->value1)->name);
data/bygfoot-2.3.2/src/user.c:828:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You start the game with %s in the %s."),
data/bygfoot-2.3.2/src/user.c:834:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("%s fires you because of financial mismanagement.\nYou find a new job with %s in the %s."),
data/bygfoot-2.3.2/src/user.c:841:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("%s fires you because of unsuccessfulness.\nYou find a new job with %s in the %s."),
data/bygfoot-2.3.2/src/user.c:848:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("%s offer you a job in the %s.\nYou accept the challenge and leave %s."),
data/bygfoot-2.3.2/src/user.c:855:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You finish the season in the %s on rank %s."),
data/bygfoot-2.3.2/src/user.c:861:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You get promoted to the %s."),
data/bygfoot-2.3.2/src/user.c:866:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You get relegated to the %s."),
data/bygfoot-2.3.2/src/user.c:871:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You win the %s final against %s."),
data/bygfoot-2.3.2/src/user.c:877:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You lose in the %s final against %s."),
data/bygfoot-2.3.2/src/user.c:883:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You reach the %s (round %s) of the %s."),
data/bygfoot-2.3.2/src/user.c:890:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("You are champion of the %s!"),
data/bygfoot-2.3.2/src/user.c:1151:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename_local, filename);
data/bygfoot-2.3.2/src/user.c:1155:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(matches_file, "%s___mmatches", prefix->str);
data/bygfoot-2.3.2/src/user.c:1257:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, filename);
data/bygfoot-2.3.2/src/user.c:1261:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, filename);
data/bygfoot-2.3.2/src/user.c:1273:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dest, "%s.bmm.zip", buf);
data/bygfoot-2.3.2/src/user.h:76:25: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 6, 7)));
data/bygfoot-2.3.2/src/window.c:112:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%shint_num",
data/bygfoot-2.3.2/src/window.c:150:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%shint_num",
data/bygfoot-2.3.2/src/window.c:225:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", picdir, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/window.c:272:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "<span %s>Bygfoot Football Manager %s</span>\n(c) %s Győző Both (gyboth@bygfoot.com)\nhttp://bygfoot.sourceforge.net", const_app("string_help_window_program_name_attribute"), VERS, YEAR);
data/bygfoot-2.3.2/src/window.c:415:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s%ssaves", home, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/window.c:420:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%ssaves", pwd, G_DIR_SEPARATOR_S);
data/bygfoot-2.3.2/src/window.c:747:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%swindow_settings",
data/bygfoot-2.3.2/src/window.c:782:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%swindow_settings",
data/bygfoot-2.3.2/src/window.c:817:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Bygfoot Football Manager %s", VERS);
data/bygfoot-2.3.2/src/window.c:835:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "Bygfoot Football Manager %s", VERS);
data/bygfoot-2.3.2/src/window.c:855:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, league_cup_get_name_string(((LiveGame*)statp)->fix->clid));
data/bygfoot-2.3.2/src/xml.c:65:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s___user_%02d_options",
data/bygfoot-2.3.2/src/xml.c:69:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s___user_%02d_live_game.xml",
data/bygfoot-2.3.2/src/xml.c:88:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml.c:89:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(team_file, "%s%s%s_teams.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:92:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("Loading league: %s"),
data/bygfoot-2.3.2/src/xml.c:101:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s_fixtures.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:104:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s_stat.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:120:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml.c:123:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, _("Loading cup: %s"),
data/bygfoot-2.3.2/src/xml.c:131:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s_fixtures.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml.c:146:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s___transfer_list.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_country.c:235:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "country_%s.xml", country_name);
data/bygfoot-2.3.2/src/xml_country.c:249:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, file_name);
data/bygfoot-2.3.2/src/xml_cup.c:502:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "cup_%s.xml", cup_name);
data/bygfoot-2.3.2/src/xml_cup.c:514:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, file_name);
data/bygfoot-2.3.2/src/xml_league.c:505:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "league_%s.xml", league_name);
data/bygfoot-2.3.2/src/xml_league.c:517:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, file_name);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:302:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:315:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:406:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___cup_%d_fixtures.xml", prefix, cup->id);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:409:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___cup_%d.xml", prefix, cup->id);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:479:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___cup_%d_round_%02d_teams.xml",
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:483:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___cup_%d_round_%02d_teams.xml",
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:538:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___cup_%d_round_%02d_table_%02d.xml", basename, cup->id, round, i);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:541:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___cup_%d_round_%02d_table_%02d.xml", prefix, cup->id, round, i);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:177:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file, "%s%s%s___job_teams.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:180:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file, "%s%s%s___jobs.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:215:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___job_teams.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:218:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___jobs.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:283:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:363:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___league_%d_teams.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:366:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___league_%d_fixtures.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:369:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___league_%d_stat.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:372:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___league_%d.xml", prefix, league->id);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:409:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___league_%d_table_%02d.xml", basename, league->id, i);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:412:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___league_%d_table_%02d.xml", prefix, league->id, i);
data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:142:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file, "%s%s%s___leagues_cups.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:186:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___leagues_cups.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:194:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___league_%d.xml", basename, lig(i).id);
data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:201:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___cup_%d.xml", basename, cp(i).id);
data/bygfoot-2.3.2/src/xml_loadsave_misc.c:214:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file, "%s%s%s___misc.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_loadsave_misc.c:255:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___misc.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_newspaper.c:182:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%s%s___newspaper.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml_loadsave_newspaper.c:217:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___newspaper.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:165:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf2, "%s%s%s", dirname2, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:190:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s%s%s___season_stats.xml", dirname, G_DIR_SEPARATOR_S, prefix);
data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:226:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___season_stats.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:277:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___season_stats_league_stat_%02d-%02d.xml", prefix, i, j);
data/bygfoot-2.3.2/src/xml_loadsave_transfers.c:223:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___transfer_list.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_users.c:370:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(file, "%s%s%s___users.xml", dirname, G_DIR_SEPARATOR_S, basename);
data/bygfoot-2.3.2/src/xml_loadsave_users.c:407:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___user_%02d_options", prefix, i);
data/bygfoot-2.3.2/src/xml_loadsave_users.c:410:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___user_%02d_live_game.xml", prefix, i);
data/bygfoot-2.3.2/src/xml_loadsave_users.c:414:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s___users.xml", prefix);
data/bygfoot-2.3.2/src/xml_loadsave_users.c:433:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, usr(i).sponsor.name->str);
data/bygfoot-2.3.2/src/xml_mmatches.c:143:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(lg_file, "%s%s%s", dirname, G_DIR_SEPARATOR_S, buf);
data/bygfoot-2.3.2/src/xml_mmatches.c:206:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%smmatches", prefix);
data/bygfoot-2.3.2/src/xml_mmatches.c:229:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%slg%03d", basename, i);
data/bygfoot-2.3.2/src/xml_mmatches.c:231:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%slg%03d", prefix, i);
data/bygfoot-2.3.2/src/xml_name.c:137:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "player_names_%s.xml", sid);
data/bygfoot-2.3.2/src/xml_strategy.c:559:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s%s%s", strategydir, G_DIR_SEPARATOR_S,
data/bygfoot-2.3.2/src/debug.c:67:16: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
home = g_get_home_dir();
data/bygfoot-2.3.2/src/file.c:229:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/file.c:253:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/file.c:282:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/file.c:927:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/file.c:948:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/file.c:983:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/load_save.c:363:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/main.c:355:28: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
sprintf(buf, "%s%s%s", g_get_home_dir(), G_DIR_SEPARATOR_S, HOMEDIRNAME);
data/bygfoot-2.3.2/src/maths.c:48:19: [3] (random) g_rand_double:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gdouble U1 = g_rand_double(rand_generator);
data/bygfoot-2.3.2/src/maths.c:49:19: [3] (random) g_rand_double:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gdouble U2 = g_rand_double(rand_generator);
data/bygfoot-2.3.2/src/maths.h:36:31: [3] (random) g_rand_double_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define math_rnd(lower,upper) g_rand_double_range(rand_generator, lower, upper)
data/bygfoot-2.3.2/src/maths.h:37:32: [3] (random) g_rand_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define math_rndi(lower,upper) g_rand_int_range(rand_generator, lower, upper + 1)
data/bygfoot-2.3.2/src/training.c:159:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
skill_points = training_points - random;
data/bygfoot-2.3.2/src/training.c:190:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
fitness_points = ((0.02 * number_camp) + (random / 100.0)) * -1;
data/bygfoot-2.3.2/src/training.c:196:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
fitness_points = ((0.04 * number_camp) + (random / 100.0)) * -1;
data/bygfoot-2.3.2/src/training.c:227:48: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
fitness_points = (((gfloat) training_points + random) / number_camp) / 100;
data/bygfoot-2.3.2/src/training.c:268:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
recovery_points = (training_points + random) * number_camp;
data/bygfoot-2.3.2/src/training.c:287:21: [3] (random) g_rand_int_range:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
random = (gint) g_rand_int_range(grand, min, max+1); //random() works until max -1
data/bygfoot-2.3.2/src/training.c:288:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
return random;
data/bygfoot-2.3.2/src/window.c:367:25: [3] (buffer) g_get_home_dir:
This function is synonymous with 'getenv("HOME")';it returns untrustable
input if the environment can beset by an attacker. It can have any content
and length, and the same variable can be set more than once (CWE-807,
CWE-20). Check environment variables carefully before using them.
const gchar *home = g_get_home_dir();
data/bygfoot-2.3.2/src/callback_func.c:464:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf3, _(" more"));
data/bygfoot-2.3.2/src/callback_func.c:466:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf3, _(" less"));
data/bygfoot-2.3.2/src/callback_func.c:636:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "spinbutton_contract%d", i + 1);
data/bygfoot-2.3.2/src/cup.c:238:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prefix, "NONAME");
data/bygfoot-2.3.2/src/cup.c:1094:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Round robin"));
data/bygfoot-2.3.2/src/cup.c:1102:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Last %d"), (gint)rint(powf(2, cup->rounds->len - round)));
data/bygfoot-2.3.2/src/cup.c:1105:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Final"));
data/bygfoot-2.3.2/src/cup.c:1108:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Semi-final"));
data/bygfoot-2.3.2/src/cup.c:1111:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Quarter-final"));
data/bygfoot-2.3.2/src/cup.c:1277:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prefix, "NONAME");
data/bygfoot-2.3.2/src/debug.c:79:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen(buf, "a");
data/bygfoot-2.3.2/src/file.c:194:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fil = fopen(filename, bits);
data/bygfoot-2.3.2/src/file.c:200:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
*fil = fopen(support_file, bits);
data/bygfoot-2.3.2/src/file.c:679:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(hints_file, "bygfoot_hints_en");
data/bygfoot-2.3.2/src/file.c:999:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen(buf, "r");
data/bygfoot-2.3.2/src/fixture.c:1065:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "-- : --");
data/bygfoot-2.3.2/src/fixture.c:1068:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(local_buf, "%d - %d", math_sum_int_array(fix->result[idx0], 3),
data/bygfoot-2.3.2/src/fixture.c:1072:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(local_buf, _(" p."));
data/bygfoot-2.3.2/src/fixture.c:1075:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(local_buf, _(" e.t."));
data/bygfoot-2.3.2/src/fixture.c:1801:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _(" -- Second leg"));
data/bygfoot-2.3.2/src/fixture.c:1803:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _(" -- First leg"));
data/bygfoot-2.3.2/src/fixture.c:1806:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _(" -- Replay matches"));
data/bygfoot-2.3.2/src/game.c:1027:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf2, _(" (P)"));
data/bygfoot-2.3.2/src/game.c:1030:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf2, _(" (FK)"));
data/bygfoot-2.3.2/src/game.c:1033:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf2, _(" (OG)"));
data/bygfoot-2.3.2/src/game.c:1149:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%d", fix->round + 1);
data/bygfoot-2.3.2/src/game_gui.c:85:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d.", live_game_unit_get_minute(unit));
data/bygfoot-2.3.2/src/game_gui.c:220:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f (%+.1f)", avskills[0],
data/bygfoot-2.3.2/src/game_gui.c:351:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f %.1f",
data/bygfoot-2.3.2/src/game_gui.c:815:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Click on OK to apply for the job. Click on CANCEL to close the window."));
data/bygfoot-2.3.2/src/game_gui.c:822:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf2, _(" (NOTE: If you don't, the game is over for you.)"));
data/bygfoot-2.3.2/src/game_gui.c:848:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", team_get_average_skill(tm, FALSE));
data/bygfoot-2.3.2/src/gui.c:53:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", number);
data/bygfoot-2.3.2/src/language.c:251:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "en");
data/bygfoot-2.3.2/src/lg_commentary.c:154:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "FIXME!");
data/bygfoot-2.3.2/src/lg_commentary.c:323:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d : %d", unit->result[0], unit->result[1]);
data/bygfoot-2.3.2/src/lg_commentary.c:525:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d",
data/bygfoot-2.3.2/src/lg_commentary.c:529:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("ALL OUT DEFEND"));
data/bygfoot-2.3.2/src/lg_commentary.c:532:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("DEFEND"));
data/bygfoot-2.3.2/src/lg_commentary.c:535:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("BALANCED"));
data/bygfoot-2.3.2/src/lg_commentary.c:538:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("ATTACK"));
data/bygfoot-2.3.2/src/lg_commentary.c:541:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("ALL OUT ATTACK"));
data/bygfoot-2.3.2/src/lg_commentary.c:544:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("ANTI"));
data/bygfoot-2.3.2/src/lg_commentary.c:547:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("OFF"));
data/bygfoot-2.3.2/src/lg_commentary.c:550:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("ON"));
data/bygfoot-2.3.2/src/live_game.c:1850:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("%d : %d p."), unit->result[idx],
data/bygfoot-2.3.2/src/live_game.c:1854:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("%d : %d e.t."), unit->result[idx],
data/bygfoot-2.3.2/src/live_game.c:1857:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d : %d", unit->result[idx],
data/bygfoot-2.3.2/src/main.c:397:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd1 = open ("stdout.log", O_CREAT|O_WRONLY|O_TRUNC, 0666);
data/bygfoot-2.3.2/src/main.c:399:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd2 = open ("stderr.log", O_CREAT|O_WRONLY|O_TRUNC, 0666);
data/bygfoot-2.3.2/src/misc.c:208:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%d", number);
data/bygfoot-2.3.2/src/misc.c:215:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%d", math_get_place(number2, i));
data/bygfoot-2.3.2/src/misc.c:223:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "- ");
data/bygfoot-2.3.2/src/misc.c:621:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%d", value);
data/bygfoot-2.3.2/src/misc2_callback_func.c:198:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "radiobutton_contract%d", i + 1);
data/bygfoot-2.3.2/src/misc2_callback_func.c:203:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "spinbutton_contract%d", i + 1);
data/bygfoot-2.3.2/src/misc3_callbacks.c:154:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("You bet on outcome %d with an odd of %.2f. How much do you wager?"),
data/bygfoot-2.3.2/src/news.c:418:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf2, "league_");
data/bygfoot-2.3.2/src/news.c:524:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "string_token_bool_multiple_scorers%d", i);
data/bygfoot-2.3.2/src/news.c:529:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "string_token_scorers%d", i);
data/bygfoot-2.3.2/src/news.c:533:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "string_token_highscorer%d", i);
data/bygfoot-2.3.2/src/news.c:537:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "string_token_highscorer_goals%d", i);
data/bygfoot-2.3.2/src/news.c:796:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "string_token_rank%d", i);
data/bygfoot-2.3.2/src/news.c:798:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "string_token_oldrank%d", i);
data/bygfoot-2.3.2/src/option_gui.c:515:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", CAMP_SCALE_MAX - gtk_spin_button_get_value_as_int(
data/bygfoot-2.3.2/src/options_callbacks.c:188:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", CAMP_SCALE_MAX - gtk_spin_button_get_value_as_int(spinbutton));
data/bygfoot-2.3.2/src/start_end.c:141:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", team_get_league_rank(usr(i).tm, -1));
data/bygfoot-2.3.2/src/team.c:1059:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, _("W %d : %d"),
data/bygfoot-2.3.2/src/team.c:1065:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, _("L %d : %d"),
data/bygfoot-2.3.2/src/team.c:1070:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, _("Dw %d : %d"),
data/bygfoot-2.3.2/src/team.c:1150:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result_buf, _("Dw "));
data/bygfoot-2.3.2/src/team.c:1154:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result_buf, _("L "));
data/bygfoot-2.3.2/src/team.c:1157:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(result_buf, _("W "));
data/bygfoot-2.3.2/src/team.c:1160:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(goals_buf, "%d : %d", goals[0], goals[1]);
data/bygfoot-2.3.2/src/team.c:1408:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(results, "%d-%d-%d, %d:%d", won, lost, drawn, gf, ga);
data/bygfoot-2.3.2/src/treeview.c:521:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3d.", live_game_unit_get_minute(unit));
data/bygfoot-2.3.2/src/treeview.c:567:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%3d.", unit->minute);
data/bygfoot-2.3.2/src/treeview.c:853:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(
data/bygfoot-2.3.2/src/treeview.c:877:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf[1], " </span>");
data/bygfoot-2.3.2/src/treeview.c:935:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf[j], "%d", stats->values[j][i]);
data/bygfoot-2.3.2/src/treeview.c:938:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf[j], "%d", (gint)rint(100 * ((gfloat)stats->values[j][i] /
data/bygfoot-2.3.2/src/treeview.c:1023:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf3, _("Week %d Round %d"), fix->week_number, fix->week_round_number);
data/bygfoot-2.3.2/src/treeview.c:1030:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf3, _("Week %d Round %d\nCup round %d"),
data/bygfoot-2.3.2/src/treeview.c:1318:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf[j], "%d", elem->values[j - 2]);
data/bygfoot-2.3.2/src/treeview.c:1320:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf[j], "%+d", elem->values[j - 2]);
data/bygfoot-2.3.2/src/treeview.c:1486:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.0f%%", current_user.tm->stadium.safety * 100);
data/bygfoot-2.3.2/src/treeview.c:1493:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Improvement in progress.\n%d seats and %d%% safety still to be done.\nExpected finish: %d weeks."),
data/bygfoot-2.3.2/src/treeview.c:1546:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Bi-weekly balance\n(Week %d and %d)"),
data/bygfoot-2.3.2/src/treeview.c:1549:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Bi-weekly balance\n(Week %d and %d)"),
data/bygfoot-2.3.2/src/treeview.c:1553:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Bi-weekly balance"));
data/bygfoot-2.3.2/src/treeview.c:1635:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.2f%%", current_interest * 100);
data/bygfoot-2.3.2/src/treeview.c:1645:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Debt (repay in %d weeks)"), user->counters[COUNT_USER_LOAN]);
data/bygfoot-2.3.2/src/treeview.c:1658:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("(starting week %d)"), user->alr_start_week);
data/bygfoot-2.3.2/src/treeview.c:1679:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d%%", user->youth_academy.percentage);
data/bygfoot-2.3.2/src/treeview.c:1796:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "</span>");
data/bygfoot-2.3.2/src/treeview.c:1847:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf2, _("Neutral ground"));
data/bygfoot-2.3.2/src/treeview.c:1849:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf2, _("Home"));
data/bygfoot-2.3.2/src/treeview.c:1851:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf2, _("Away"));
data/bygfoot-2.3.2/src/treeview.c:1869:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", team_get_average_skill(opp, TRUE));
data/bygfoot-2.3.2/src/treeview.c:1890:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", opp->structure);
data/bygfoot-2.3.2/src/treeview.c:2450:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d : %d",
data/bygfoot-2.3.2/src/treeview.c:2486:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f",
data/bygfoot-2.3.2/src/treeview.c:2490:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%.1f %%", (g_array_index(players[i], Stat, j).value3 > 0) ?
data/bygfoot-2.3.2/src/treeview.c:2494:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, "%.1f %%", (g_array_index(players[i], Stat, j).value3 > 0) ?
data/bygfoot-2.3.2/src/treeview.c:2505:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf4, "%d", g_array_index(players[i], Stat, j).value1);
data/bygfoot-2.3.2/src/treeview.c:2641:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Season %d"), stat->season_number);
data/bygfoot-2.3.2/src/treeview.c:2691:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(current_country, "%.*s", (gint)strlen(current_country) - 1, &buf2[1]);
data/bygfoot-2.3.2/src/treeview2.c:626:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf2, _("Week %d Round %d"),
data/bygfoot-2.3.2/src/treeview_helper.c:523:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "LEAGUE%d", league_idx);
data/bygfoot-2.3.2/src/treeview_helper.c:784:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", team_get_average_skill((Team*)team_pointer, FALSE));
data/bygfoot-2.3.2/src/treeview_helper.c:812:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", value);
data/bygfoot-2.3.2/src/treeview_helper.c:951:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(format, _("\nGoals/Game %.1f Save %% %.1f"));
data/bygfoot-2.3.2/src/treeview_helper.c:958:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(format, _("\nGoals/Game %.1f Shot %% %.1f"));
data/bygfoot-2.3.2/src/treeview_helper.c:1094:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("OK"));
data/bygfoot-2.3.2/src/treeview_helper.c:1147:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.*f", opt_int("int_opt_player_precision"), pl->skill);
data/bygfoot-2.3.2/src/treeview_helper.c:1169:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.*f", opt_int("int_opt_player_precision"), pl->age);
data/bygfoot-2.3.2/src/treeview_helper.c:1172:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.*f", opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1218:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _(" (P)"));
data/bygfoot-2.3.2/src/treeview_helper.c:1259:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.*f", 1 + opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1297:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d(%d)", g_array_index(pl->cards, PlayerCard, 0).yellow,
data/bygfoot-2.3.2/src/treeview_helper.c:1300:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", g_array_index(pl->cards, PlayerCard, 0).yellow);
data/bygfoot-2.3.2/src/treeview_helper.c:1311:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d(%d)", yellow,
data/bygfoot-2.3.2/src/treeview_helper.c:1314:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", yellow);
data/bygfoot-2.3.2/src/treeview_helper.c:1363:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("INJ(%d)"), pl->recovery);
data/bygfoot-2.3.2/src/treeview_helper.c:1377:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("BAN(%d)"), ban);
data/bygfoot-2.3.2/src/treeview_helper.c:1390:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("OK"));
data/bygfoot-2.3.2/src/treeview_helper.c:1445:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d(%d)", player_games_goals_get(pl, clid, type),
data/bygfoot-2.3.2/src/treeview_helper.c:1448:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", player_games_goals_get(pl, clid, type));
data/bygfoot-2.3.2/src/treeview_helper.c:1462:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.*f%%", opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1498:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("G"));
data/bygfoot-2.3.2/src/treeview_helper.c:1506:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("D"));
data/bygfoot-2.3.2/src/treeview_helper.c:1514:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("M"));
data/bygfoot-2.3.2/src/treeview_helper.c:1522:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("F"));
data/bygfoot-2.3.2/src/treeview_helper.c:1548:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.*f", opt_int("int_opt_player_precision"),
data/bygfoot-2.3.2/src/treeview_helper.c:1738:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("W"));
data/bygfoot-2.3.2/src/treeview_helper.c:1749:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("L"));
data/bygfoot-2.3.2/src/treeview_helper.c:1756:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Dw"));
data/bygfoot-2.3.2/src/treeview_helper.c:1800:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.2f", bet->odds[column - 1]);
data/bygfoot-2.3.2/src/treeview_helper.c:1802:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d - %d", fix->result[0][0],
data/bygfoot-2.3.2/src/treeview_helper.c:1991:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%.1f", team_get_average_skill(job_get_team(job), FALSE));
data/bygfoot-2.3.2/src/treeview_helper.c:1993:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", job->talent_percent);
data/bygfoot-2.3.2/src/user.c:270:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(prefix, "int_opt_user_pl%d_att", list_number);
data/bygfoot-2.3.2/src/user.c:633:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, _(" Fortunately he's got a cousin who can help your team out."));
data/bygfoot-2.3.2/src/user.c:825:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "FIXME!!!");
data/bygfoot-2.3.2/src/user.c:1126:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Your current sponsor is satisfied with your results and would like to renew the contract. Currently they're paying you %d a week."), current_user.sponsor.benefit);
data/bygfoot-2.3.2/src/user.c:1234:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(prefix, "___");
data/bygfoot-2.3.2/src/user.c:1269:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, ".bmm.zip");
data/bygfoot-2.3.2/src/window.c:90:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "(%d/%d)", counters[COUNT_HINT_NUMBER] + 1,
data/bygfoot-2.3.2/src/window.c:115:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen(filename, "r");
data/bygfoot-2.3.2/src/window.c:153:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fil = fopen(filename, "w");
data/bygfoot-2.3.2/src/window.c:645:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d%%", (gint)rint(tm->stadium.safety * 100));
data/bygfoot-2.3.2/src/window.c:648:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d%%", (gint)rint(average_attendance_perc * 100));
data/bygfoot-2.3.2/src/window.c:654:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, _("Improvement in progress.\n%d seats and %d%% safety still to be done.\nExpected finish: %d weeks."),
data/bygfoot-2.3.2/src/window.c:865:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Erm..."));
data/bygfoot-2.3.2/src/window.c:882:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Numbers..."));
data/bygfoot-2.3.2/src/window.c:890:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Your stadium"));
data/bygfoot-2.3.2/src/window.c:898:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Job offer"));
data/bygfoot-2.3.2/src/window.c:906:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "???");
data/bygfoot-2.3.2/src/window.c:914:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Options"));
data/bygfoot-2.3.2/src/window.c:922:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Select font"));
data/bygfoot-2.3.2/src/window.c:937:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Contract offer"));
data/bygfoot-2.3.2/src/window.c:945:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("User management"));
data/bygfoot-2.3.2/src/window.c:953:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "Bygfoot debug window");
data/bygfoot-2.3.2/src/window.c:968:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Transfer offer"));
data/bygfoot-2.3.2/src/window.c:976:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Sponsorship offers"));
data/bygfoot-2.3.2/src/window.c:984:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Memorable matches"));
data/bygfoot-2.3.2/src/window.c:992:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Betting"));
data/bygfoot-2.3.2/src/window.c:1007:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Training camp"));
data/bygfoot-2.3.2/src/window.c:1015:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Automatic loan repayment"));
data/bygfoot-2.3.2/src/window.c:1023:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Bygfoot News"));
data/bygfoot-2.3.2/src/window.c:1031:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, _("Bygfoot constants"));
data/bygfoot-2.3.2/src/file.c:170:6: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bygfoot-2.3.2/src/file.c:547:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/file.c:548:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(opt_name, "");
data/bygfoot-2.3.2/src/file.c:549:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(opt_value, "");
data/bygfoot-2.3.2/src/file.c:551:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while( (buf[0] == '#' || strlen(buf) == 0) &&
data/bygfoot-2.3.2/src/file.c:558:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(buf[0] != '#' && strlen(buf) != 0)
data/bygfoot-2.3.2/src/file.c:560:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) > 1000)
data/bygfoot-2.3.2/src/file.c:563:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(buf);i++)
data/bygfoot-2.3.2/src/file.c:570:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(buf) - 1;i>0;i--)
data/bygfoot-2.3.2/src/file.c:643:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
opt_name[strlen(new.name) - (os_is_unix ? 5 : 6)] = '\0';
data/bygfoot-2.3.2/src/file.c:1003:24: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while ((c = (gchar)fgetc(fil)) != EOF)
data/bygfoot-2.3.2/src/game.c:1035:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf2, "");
data/bygfoot-2.3.2/src/game.c:1063:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/game.c:1080:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) > 0)
data/bygfoot-2.3.2/src/gui.c:47:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/gui.c:48:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf2, "");
data/bygfoot-2.3.2/src/language.c:59:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/language.c:120:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(local_code, "C");
data/bygfoot-2.3.2/src/language.c:143:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len1 = strlen(def1),
data/bygfoot-2.3.2/src/language.c:144:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len2 = strlen(def2), lenmin = MIN(len1, len2);
data/bygfoot-2.3.2/src/language.c:255:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, cur_locale, 2);
data/bygfoot-2.3.2/src/language.h:34:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define language_get_current_index() (strlen(opt_str("string_opt_language_code")) > 0) ? language_get_code_index(opt_str("string_opt_language_code")) : -1
data/bygfoot-2.3.2/src/lg_commentary.c:170:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(commentary->text) == 0 ||
data/bygfoot-2.3.2/src/load_save.c:62:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strndup(filename, strlen(filename) - strlen(const_str("string_fs_save_suffix"))) :
data/bygfoot-2.3.2/src/load_save.c:62:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strndup(filename, strlen(filename) - strlen(const_str("string_fs_save_suffix"))) :
data/bygfoot-2.3.2/src/load_save.c:198:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strndup(basename, strlen(basename) - strlen(const_str("string_fs_save_suffix"))) :
data/bygfoot-2.3.2/src/load_save.c:198:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strndup(basename, strlen(basename) - strlen(const_str("string_fs_save_suffix"))) :
data/bygfoot-2.3.2/src/main.c:161:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *fullpath = (support_dir[strlen(support_dir)] == G_DIR_SEPARATOR) ?
data/bygfoot-2.3.2/src/main.c:463:2: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/bygfoot-2.3.2/src/misc.c:107:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=0;i<strlen(string);i++)
data/bygfoot-2.3.2/src/misc.c:113:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(start == strlen(string))
data/bygfoot-2.3.2/src/misc.c:119:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=start;i<strlen(string) + 1;i++)
data/bygfoot-2.3.2/src/misc.c:121:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(i < strlen(string) && !g_ascii_isspace(string[i]))
data/bygfoot-2.3.2/src/misc.c:127:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) > 0)
data/bygfoot-2.3.2/src/misc.c:198:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/misc.c:218:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, " ");
data/bygfoot-2.3.2/src/misc.c:228:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "0");
data/bygfoot-2.3.2/src/misc.c:555:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(occurrence == NULL || strlen(string) < strlen(token))
data/bygfoot-2.3.2/src/misc.c:555:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(occurrence == NULL || strlen(string) < strlen(token))
data/bygfoot-2.3.2/src/misc.c:560:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, string, strlen(string) - strlen(occurrence));
data/bygfoot-2.3.2/src/misc.c:560:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buf, string, strlen(string) - strlen(occurrence));
data/bygfoot-2.3.2/src/misc.c:560:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buf, string, strlen(string) - strlen(occurrence));
data/bygfoot-2.3.2/src/misc.c:561:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(string) - strlen(occurrence)] = '\0';
data/bygfoot-2.3.2/src/misc.c:561:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(string) - strlen(occurrence)] = '\0';
data/bygfoot-2.3.2/src/misc.c:562:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(buf2, occurrence + strlen(token));
data/bygfoot-2.3.2/src/misc.c:586:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(string, "");
data/bygfoot-2.3.2/src/misc.c:589:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(buf) - strlen(occurrence);
data/bygfoot-2.3.2/src/misc.c:589:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(buf) - strlen(occurrence);
data/bygfoot-2.3.2/src/misc.c:591:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf2, buf, i);
data/bygfoot-2.3.2/src/misc.c:595:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
occurrence2 = g_strstr_len(occurrence, strlen(occurrence), "]");
data/bygfoot-2.3.2/src/misc.c:603:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(buf) - strlen(occurrence2);
data/bygfoot-2.3.2/src/misc.c:603:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(buf) - strlen(occurrence2);
data/bygfoot-2.3.2/src/misc.c:605:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf2, buf + i + 1, j - i - 1);
data/bygfoot-2.3.2/src/misc.c:628:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(last_idx < strlen(buf))
data/bygfoot-2.3.2/src/misc.c:630:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf2, buf + last_idx, strlen(buf) - last_idx);
data/bygfoot-2.3.2/src/misc.c:630:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(buf2, buf + last_idx, strlen(buf) - last_idx);
data/bygfoot-2.3.2/src/misc.c:631:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf2[strlen(buf) - last_idx] = '\0';
data/bygfoot-2.3.2/src/misc.c:673:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const gchar *closepar = g_strstr_len(string, strlen(string), ")");
data/bygfoot-2.3.2/src/misc.c:674:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len = strlen(openpar) - strlen(closepar) - 1;
data/bygfoot-2.3.2/src/misc.c:674:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len = strlen(openpar) - strlen(closepar) - 1;
data/bygfoot-2.3.2/src/misc.c:676:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, openpar + 1, len);
data/bygfoot-2.3.2/src/misc.c:786:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len[2] = {strlen(string[0]), strlen(string[1])};
data/bygfoot-2.3.2/src/misc.c:786:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gint len[2] = {strlen(string[0]), strlen(string[1])};
data/bygfoot-2.3.2/src/misc.h:32:78: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define query_misc_string_contains(haystack, needle) (g_strstr_len(haystack, strlen(haystack), needle) != NULL)
data/bygfoot-2.3.2/src/misc2_callback_func.c:254:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(user_name) > 0)
data/bygfoot-2.3.2/src/misc_callback_func.c:153:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(player_name) > 0)
data/bygfoot-2.3.2/src/news.c:416:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf2, "");
data/bygfoot-2.3.2/src/news.c:482:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/news.c:483:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(scorer_str, "");
data/bygfoot-2.3.2/src/news.c:484:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(high_scorer, "");
data/bygfoot-2.3.2/src/team.c:1047:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf4, "");
data/bygfoot-2.3.2/src/team.c:1048:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(neutral, "");
data/bygfoot-2.3.2/src/team.c:1134:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(result_buf, "");
data/bygfoot-2.3.2/src/treeview.c:872:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf[0], "");
data/bygfoot-2.3.2/src/treeview.c:873:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf[1], "");
data/bygfoot-2.3.2/src/treeview.c:1025:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(round_name, "");
data/bygfoot-2.3.2/src/treeview.c:1786:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf2, "");
data/bygfoot-2.3.2/src/treeview.c:1789:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf2, "|");
data/bygfoot-2.3.2/src/treeview.c:1795:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buf, "|");
data/bygfoot-2.3.2/src/treeview.c:2691:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(current_country, "%.*s", (gint)strlen(current_country) - 1, &buf2[1]);
data/bygfoot-2.3.2/src/treeview2.c:317:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview2.c:638:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:203:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(opt_str("string_opt_font_name")) > 0)
data/bygfoot-2.3.2/src/treeview_helper.c:348:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(filename != NULL && strlen(filename) != 0)
data/bygfoot-2.3.2/src/treeview_helper.c:782:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:810:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:938:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:980:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:995:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(buf) > 0)
data/bygfoot-2.3.2/src/treeview_helper.c:1011:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:1049:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:1120:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:1293:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "0");
data/bygfoot-2.3.2/src/treeview_helper.c:1317:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "0");
data/bygfoot-2.3.2/src/treeview_helper.c:1437:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "0");
data/bygfoot-2.3.2/src/treeview_helper.c:1581:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:1727:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/treeview_helper.c:1795:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/user.c:1152:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_string_append_len(prefix, filename_local, strlen(filename_local) - 8);
data/bygfoot-2.3.2/src/user.c:1231:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(prefix, filename, strlen(filename) - 8);
data/bygfoot-2.3.2/src/user.c:1231:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncpy(prefix, filename, strlen(filename) - 8);
data/bygfoot-2.3.2/src/user.c:1232:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
prefix[strlen(filename) - 8] = '\0';
data/bygfoot-2.3.2/src/user.c:1265:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf[strlen(buf) - 4] = '\0';
data/bygfoot-2.3.2/src/window.c:873:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(buf, "");
data/bygfoot-2.3.2/src/xml.c:84:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *prefix = g_strndup(basename, strlen(basename) - 4);
data/bygfoot-2.3.2/src/xml.c:118:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gchar *prefix = g_strndup(basename, strlen(basename) - 4);
data/bygfoot-2.3.2/src/xml_country.c:174:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_cup.c:384:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_league.c:368:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_lg_commentary.c:260:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_cup.c:227:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_fixtures.c:151:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_jobs.c:133:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_league.c:218:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_league_stat.c:163:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_leagues_cups.c:112:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_live_game.c:196:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_misc.c:164:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_newspaper.c:135:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_season_stats.c:151:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_table.c:131:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_teams.c:170:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_transfers.c:150:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_users.c:271:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_loadsave_users.c:323:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
new_history.string[idx] = (strlen(buf) == 0) ? NULL : g_strdup(buf);
data/bygfoot-2.3.2/src/xml_mmatches.c:128:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_name.c:107:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_news.c:222:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_strategy.c:337:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
data/bygfoot-2.3.2/src/xml_team.c:197:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, text, text_len);
ANALYSIS SUMMARY:
Hits = 604
Lines analyzed = 64157 in approximately 4.35 seconds (14761 lines/second)
Physical Source Lines of Code (SLOC) = 47299
Hits@level = [0] 1226 [1] 130 [2] 171 [3] 21 [4] 282 [5] 0
Hits@level+ = [0+] 1830 [1+] 604 [2+] 474 [3+] 303 [4+] 282 [5+] 0
Hits/KSLOC@level+ = [0+] 38.69 [1+] 12.7698 [2+] 10.0214 [3+] 6.40606 [4+] 5.96207 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.