Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/chocolate-doom-3.0.1/src/w_file_win32.c:97:5: [5] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high, it appears that the size is given as bytes, but the function requires size as characters.
MultiByteToWideChar(CP_OEMCP, 0, data/chocolate-doom-3.0.1/msvc/win_opendir.c:108:4: [4] (buffer) _tcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. _tcscpy(nd->dd_name, szFullPath); data/chocolate-doom-3.0.1/msvc/win_opendir.c:117:7: [4] (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). _tcscat(nd->dd_name, SLASH); data/chocolate-doom-3.0.1/msvc/win_opendir.c:121:4: [4] (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). _tcscat(nd->dd_name, SUFFIX); data/chocolate-doom-3.0.1/msvc/win_opendir.c:210:7: [4] (buffer) _tcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. _tcscpy(dirp->dd_dir.d_name, dirp->dd_dta.name); data/chocolate-doom-3.0.1/src/d_dedicated.c:41:5: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf(PACKAGE_NAME " standalone dedicated server\n"); data/chocolate-doom-3.0.1/src/deh_io.c:312:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, args); data/chocolate-doom-3.0.1/src/deh_io.c:325:5: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vfprintf(stderr, msg, args); data/chocolate-doom-3.0.1/src/deh_str.c:397:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. 
  vprintf(repl, args);
data/chocolate-doom-3.0.1/src/deh_str.c:413:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(fstream, repl, args);
data/chocolate-doom-3.0.1/src/deh_str.h:36:20: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define DEH_printf printf
data/chocolate-doom-3.0.1/src/deh_str.h:37:21: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define DEH_fprintf fprintf
data/chocolate-doom-3.0.1/src/deh_str.h:38:22: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define DEH_snprintf snprintf
data/chocolate-doom-3.0.1/src/doom/d_main.c:1361:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(D_CDROM);
data/chocolate-doom-3.0.1/src/hexen/st_start.c:271:5: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(message, argptr);
data/chocolate-doom-3.0.1/src/hexen/st_start.c:286:5: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vprintf(message, argptr);
data/chocolate-doom-3.0.1/src/i_system.c:283:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, error, argptr);
data/chocolate-doom-3.0.1/src/m_misc.c:564:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/chocolate-doom-3.0.1/src/m_misc.c:581:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  result = vsnprintf(buf, buf_len, s, args);
data/chocolate-doom-3.0.1/src/net_query.c:651:9: [4] (format) vprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  i = vprintf(s, args);
data/chocolate-doom-3.0.1/src/setup/execute.c:138:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(context->stream, s, args);
data/chocolate-doom-3.0.1/src/setup/execute.c:307:9: [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execvp(argv[0], (char **) argv);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1659:9: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(D_CDROM);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:67:9: [4] (shell) execv:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  execv(argv[0], argv);
data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:512:12: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78).
  try using a library call that implements the same functionality if available.
  return system(ZENITY_BINARY " --help >/dev/null 2>&1") == 0;
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:933:9: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define vsnprintf _vsnprintf
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:950:14: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  result = vsnprintf(buf, buf_len, s, args);
data/chocolate-doom-3.0.1/textscreen/txt_window.c:520:5: [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  ShellExecute(NULL, "open", url, NULL, NULL, SW_SHOWNORMAL);
data/chocolate-doom-3.0.1/textscreen/txt_window.c:538:9: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  if (system("xdg-open --version 2>/dev/null") != 0)
data/chocolate-doom-3.0.1/textscreen/txt_window.c:549:5: [4] (shell) system:
  This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available.
  system(cmd);
data/chocolate-doom-3.0.1/opl/opl.c:135:19: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20).
driver_name = getenv("OPL_DRIVER"); data/chocolate-doom-3.0.1/pcsound/pcsound.c:84:19: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. driver_name = getenv("PCSOUND_DRIVER"); data/chocolate-doom-3.0.1/src/d_iwad.c:622:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("XDG_DATA_HOME"); data/chocolate-doom-3.0.1/src/d_iwad.c:627:25: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. char *homedir = getenv("HOME"); data/chocolate-doom-3.0.1/src/d_iwad.c:651:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("XDG_DATA_DIRS"); data/chocolate-doom-3.0.1/src/d_iwad.c:687:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them. env = getenv("DOOMWADDIR"); data/chocolate-doom-3.0.1/src/d_iwad.c:694:11: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). 
  Check environment variables carefully before using them.
  env = getenv("DOOMWADPATH");
data/chocolate-doom-3.0.1/src/i_oplmusic.c:1726:17: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  dmxoption = getenv("DMXOPTION");
data/chocolate-doom-3.0.1/src/i_video.c:1057:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv("XSCREENSAVER_WINDOW");
data/chocolate-doom-3.0.1/src/i_video.c:1341:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv("XSCREENSAVER_WINDOW");
data/chocolate-doom-3.0.1/src/m_misc.c:244:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tempdir = getenv("TEMP");
data/chocolate-doom-3.0.1/src/net_client.c:1117:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  net_player_name = getenv("USER");
data/chocolate-doom-3.0.1/src/net_client.c:1119:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker.
  They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  net_player_name = getenv("USERNAME");
data/chocolate-doom-3.0.1/src/net_defs.h:202:9: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  int random; // [Strife only]
data/chocolate-doom-3.0.1/src/net_sdl.c:186:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/chocolate-doom-3.0.1/src/net_sdl.c:216:5: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/chocolate-doom-3.0.1/src/net_structrw.c:81:37: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  NET_WriteInt8(packet, settings->random);
data/chocolate-doom-3.0.1/src/net_structrw.c:110:64: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  && NET_ReadInt8(packet, (unsigned int *) &settings->random)
data/chocolate-doom-3.0.1/src/setup/display.c:94:32: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  system_video_env_set = getenv("SDL_VIDEODRIVER") != NULL;
data/chocolate-doom-3.0.1/src/setup/execute.c:63:15: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  tempdir = getenv("TEMP");
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1098:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  net_player_name = getenv("USER");
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1103:27: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  net_player_name = getenv("USERNAME");
data/chocolate-doom-3.0.1/src/strife/d_net.c:127:28: [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  randomparm = settings->random;
data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:171:11: [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  env = getenv("TEXTSCREEN_FONT");
data/chocolate-doom-3.0.1/midiproc/buffer.c:85:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf->data_end, data, len);
data/chocolate-doom-3.0.1/midiproc/main.c:426:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char message[1024];
data/chocolate-doom-3.0.1/msvc/win_opendir.h:30:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char d_name[FILENAME_MAX]; /* File name. */
data/chocolate-doom-3.0.1/msvc/win_opendir.h:60:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dd_name[1];
data/chocolate-doom-3.0.1/opl/examples/droplay.c:150:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[8];
data/chocolate-doom-3.0.1/opl/examples/droplay.c:152:26: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  timer_data.fstream = fopen(filename, "rb");
data/chocolate-doom-3.0.1/opl/ioperm_sys.c:174:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t driver_path[MAX_PATH];
data/chocolate-doom-3.0.1/opl/opl_queue.c:98:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&queue->entries[entry_id],
data/chocolate-doom-3.0.1/opl/opl_queue.c:179:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&queue->entries[i],
data/chocolate-doom-3.0.1/opl/opl_queue.c:187:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&queue->entries[i], entry, sizeof(opl_queue_entry_t));
data/chocolate-doom-3.0.1/pcsound/pcsound_bsd.c:186:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  speaker_handle = open(SPEAKER_DEVICE, O_WRONLY);
data/chocolate-doom-3.0.1/pcsound/pcsound_linux.c:121:22: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  console_handle = open(CONSOLE_DEVICE, O_WRONLY);
data/chocolate-doom-3.0.1/src/d_iwad.c:60:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *iwad_dirs[MAX_IWAD_DIRS];
data/chocolate-doom-3.0.1/src/d_loop.c:376:31: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  settings->extratics = atoi(myargv[i+1]);
data/chocolate-doom-3.0.1/src/d_loop.c:391:28: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  settings->ticdup = atoi(myargv[i+1]);
data/chocolate-doom-3.0.1/src/deh_io.c:91:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fstream = fopen(filename, "r");
data/chocolate-doom-3.0.1/src/deh_io.c:218:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuffer, context->readbuffer, context->readbuffer_size);
data/chocolate-doom-3.0.1/src/deh_main.c:284:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char section_name[20];
data/chocolate-doom-3.0.1/src/deh_str.c:188:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sub->to_text, to_text, len);
data/chocolate-doom-3.0.1/src/deh_str.c:198:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sub->from_text, from_text, len);
data/chocolate-doom-3.0.1/src/deh_str.c:202:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(sub->to_text, to_text, len);
data/chocolate-doom-3.0.1/src/doom/am_map.c:485:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[9];
data/chocolate-doom-3.0.1/src/doom/am_map.c:498:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[9];
data/chocolate-doom-3.0.1/src/doom/am_map.c:603:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[20];
data/chocolate-doom-3.0.1/src/doom/d_main.c:124:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wadfile[1024]; // primary wad file
data/chocolate-doom-3.0.1/src/doom/d_main.c:125:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mapdir[1024]; // directory of development maps
data/chocolate-doom-3.0.1/src/doom/d_main.c:397:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[12];
data/chocolate-doom-3.0.1/src/doom/d_main.c:887:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char title[128];
data/chocolate-doom-3.0.1/src/doom/d_main.c:972:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char demolumpname[6];
data/chocolate-doom-3.0.1/src/doom/d_main.c:1219:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[256];
data/chocolate-doom-3.0.1/src/doom/d_main.c:1220:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char demolumpname[9];
data/chocolate-doom-3.0.1/src/doom/d_main.c:1388:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  scale = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_main.c:1622:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[23][8]=
data/chocolate-doom-3.0.1/src/doom/d_main.c:1731:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timelimit = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_main.c:1761:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  startmap = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_main.c:1806:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  startloadgame = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/doom/d_net.c:45:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char exitmsg[80];
data/chocolate-doom-3.0.1/src/doom/deh_ammo.c:69:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_bexstr.c:338:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[10];
data/chocolate-doom-3.0.1/src/doom/deh_frame.c:128:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_misc.c:174:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_ptr.c:102:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_sound.c:86:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_thing.c:105:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/deh_weapon.c:77:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/doom/doomdata.h:70:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char toptexture[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:71:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bottomtexture[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:72:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char midtexture[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:142:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char floorpic[8];
data/chocolate-doom-3.0.1/src/doom/doomdata.h:143:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ceilingpic[8];
data/chocolate-doom-3.0.1/src/doom/doomstat.h:248:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char basedefault[1024];
data/chocolate-doom-3.0.1/src/doom/f_finale.c:247:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest, src+((y&63)<<6), 64);
data/chocolate-doom-3.0.1/src/doom/f_finale.c:252:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (dest, src+((y&63)<<6), SCREENWIDTH&63);
data/chocolate-doom-3.0.1/src/doom/f_finale.c:612:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[10];
data/chocolate-doom-3.0.1/src/doom/f_wipe.c:58:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(array, dest, width*height*sizeof(*dest));
data/chocolate-doom-3.0.1/src/doom/f_wipe.c:70:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wipe_scr, wipe_scr_start, width*height*sizeof(*wipe_scr));
data/chocolate-doom-3.0.1/src/doom/f_wipe.c:141:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(wipe_scr, wipe_scr_start, width*height*sizeof(*wipe_scr));
data/chocolate-doom-3.0.1/src/doom/g_game.c:224:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char savedescription[32];
data/chocolate-doom-3.0.1/src/doom/g_game.c:915:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cmd, &netcmds[i], sizeof(ticcmd_t));
data/chocolate-doom-3.0.1/src/doom/g_game.c:939:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char turbomessage[80]; data/chocolate-doom-3.0.1/src/doom/g_game.c:940:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *player_names[4]; data/chocolate-doom-3.0.1/src/doom/g_game.c:1538:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savename[256]; data/chocolate-doom-3.0.1/src/doom/g_game.c:1552:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). save_stream = fopen(savename, "rb"); data/chocolate-doom-3.0.1/src/doom/g_game.c:1622:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). save_stream = fopen(temp_savegame_file, "wb"); data/chocolate-doom-3.0.1/src/doom/g_game.c:1629:23: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
save_stream = fopen(recovery_savegame_file, "wb"); data/chocolate-doom-3.0.1/src/doom/g_game.c:1943:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_demobuffer, demobuffer, current_length); data/chocolate-doom-3.0.1/src/doom/g_game.c:2030:12: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxsize = atoi(myargv[i+1])*1024; data/chocolate-doom-3.0.1/src/doom/g_game.c:2113:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char resultbuf[16]; data/chocolate-doom-3.0.1/src/doom/hu_lib.h:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char l[HU_MAXLINELENGTH+1]; // line of text data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:65:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *chat_macros[10] = data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:94:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chat_dest[MAXPLAYERS]; data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:346:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[9]; data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:529:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chatchars[QUEUESIZE]; data/chocolate-doom-3.0.1/src/doom/hu_stuff.c:582:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lastmessage[HU_MAXLINELENGTH+1]; data/chocolate-doom-3.0.1/src/doom/hu_stuff.h:56:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *chat_macros[10]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:102:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char gammamsg[5][26] = data/chocolate-doom-3.0.1/src/doom/m_menu.c:117:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saveOldString[SAVESTRINGSIZE]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:126:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savegamestrings[10][SAVESTRINGSIZE]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:128:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endstring[160]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:140:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:170:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *skullName[2] = {"M_SKULL1","M_SKULL2"}; data/chocolate-doom-3.0.1/src/doom/m_menu.c:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:515:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = fopen(name, "rb"); data/chocolate-doom-3.0.1/src/doom/m_menu.c:576:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[256]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:697:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstring[80]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:944:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *detailNames[2] = {"M_GDHIGH","M_GDLOW"}; data/chocolate-doom-3.0.1/src/doom/m_menu.c:945:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char *msgNames[2] = {"M_MSGOFF","M_MSGON"}; data/chocolate-doom-3.0.1/src/doom/m_menu.c:1909:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char debug[1024]; data/chocolate-doom-3.0.1/src/doom/m_menu.c:1949:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[80]; data/chocolate-doom-3.0.1/src/doom/m_random.c:24:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char rndtable[256] = { data/chocolate-doom-3.0.1/src/doom/p_mobj.c:772:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (deathmatch_p, mthing, sizeof(*mthing)); data/chocolate-doom-3.0.1/src/doom/p_saveg.c:62:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basename[32]; data/chocolate-doom-3.0.1/src/doom/p_saveg.c:1346:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/doom/p_saveg.c:1380:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vcheck[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/doom/p_saveg.c:1381:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_vcheck[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/doom/p_setup.c:761:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lumpname[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.c:71:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endname[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startname[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:208:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:209:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name2[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:433:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frontFrame1[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:434:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frontFrame2[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:435:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frontFrame3[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:436:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char frontFrame4[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:437:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backFrame1[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:438:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backFrame2[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:439:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backFrame3[9]; data/chocolate-doom-3.0.1/src/doom/p_spec.h:440:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char backFrame4[9]; data/chocolate-doom-3.0.1/src/doom/r_data.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/doom/r_data.c:109:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/doom/r_data.c:212:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cache + position, source, count); data/chocolate-doom-3.0.1/src/doom/r_data.c:465:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/chocolate-doom-3.0.1/src/doom/r_data.c:723:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namet[9]; data/chocolate-doom-3.0.1/src/doom/r_data.c:730:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (namet, name,8); data/chocolate-doom-3.0.1/src/doom/r_draw.c:862:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src+((y&63)<<6), 64); data/chocolate-doom-3.0.1/src/doom/r_draw.c:868:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src+((y&63)<<6), SCREENWIDTH&63); data/chocolate-doom-3.0.1/src/doom/r_draw.c:931:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(I_VideoBuffer + ofs, background_buffer + ofs, count * sizeof(*I_VideoBuffer)); data/chocolate-doom-3.0.1/src/doom/r_segs.c:718:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lastopening, ceilingclip+start, sizeof(*lastopening)*(rw_stopx-start)); data/chocolate-doom-3.0.1/src/doom/r_segs.c:726:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lastopening, floorclip+start, sizeof(*lastopening)*(rw_stopx-start)); data/chocolate-doom-3.0.1/src/doom/r_things.c:270:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (sprites[i].spriteframes, sprtemp, maxframe*sizeof(spriteframe_t)); data/chocolate-doom-3.0.1/src/doom/s_sound.c:657:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[9]; data/chocolate-doom-3.0.1/src/doom/st_stuff.c:516:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3]; data/chocolate-doom-3.0.1/src/doom/st_stuff.c:594:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char buf[ST_MSGWIDTH]; data/chocolate-doom-3.0.1/src/doom/st_stuff.c:606:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3]; data/chocolate-doom-3.0.1/src/doom/st_stuff.c:1101:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[9]; data/chocolate-doom-3.0.1/src/doom/statdump.c:303:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&captured_stats[num_captured_stats], stats, data/chocolate-doom-3.0.1/src/doom/statdump.c:338:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). dumpfile = fopen(myargv[i + 1], "w"); data/chocolate-doom-3.0.1/src/doom/wi_stuff.c:1557:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/chocolate-doom-3.0.1/src/gusconf.c:37:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char *patch_names[MAX_INSTRUMENTS]; data/chocolate-doom-3.0.1/src/gusconf.c:113:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *fields[6]; data/chocolate-doom-3.0.1/src/gusconf.c:125:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). instr_id = atoi(fields[0]); data/chocolate-doom-3.0.1/src/gusconf.c:133:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). mapped_id = atoi(fields[MappingIndex()]); data/chocolate-doom-3.0.1/src/gusconf.c:232:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fstream = fopen(path, "w"); data/chocolate-doom-3.0.1/src/heretic/am_map.c:830:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer + i * finit_width, maplump + j + mapxstart, data/chocolate-doom-3.0.1/src/heretic/am_map.c:832:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(I_VideoBuffer + i * finit_width + finit_width - mapxstart, data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:62:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chat_msg[MAXPLAYERS][MESSAGESIZE]; data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:63:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plr_lastmsg[MAXPLAYERS][MESSAGESIZE + 9]; // add in the length of the pre-string data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:71:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *CT_FromPlrText[MAXPLAYERS] = { data/chocolate-doom-3.0.1/src/heretic/ct_chat.c:78:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *chat_macros[10]; data/chocolate-doom-3.0.1/src/heretic/ct_chat.h:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char *chat_macros[10]; data/chocolate-doom-3.0.1/src/heretic/d_main.c:239:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[20]; data/chocolate-doom-3.0.1/src/heretic/d_main.c:241:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debugfile = fopen(filename, "w"); data/chocolate-doom-3.0.1/src/heretic/d_main.c:483:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char smsg[80]; // status bar line data/chocolate-doom-3.0.1/src/heretic/d_main.c:591:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(textScreen, loading, 4000); data/chocolate-doom-3.0.1/src/heretic/d_main.c:613:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmsg[300]; data/chocolate-doom-3.0.1/src/heretic/d_main.c:695:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[12]; data/chocolate-doom-3.0.1/src/heretic/d_main.c:732:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[256]; data/chocolate-doom-3.0.1/src/heretic/d_main.c:733:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char demolumpname[9]; data/chocolate-doom-3.0.1/src/heretic/d_main.c:1024:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp[64]; data/chocolate-doom-3.0.1/src/heretic/d_net.c:45:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char exitmsg[80]; data/chocolate-doom-3.0.1/src/heretic/deh_ammo.c:69:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = atoi(value); data/chocolate-doom-3.0.1/src/heretic/deh_frame.c:286:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). 
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = atoi(value); data/chocolate-doom-3.0.1/src/heretic/deh_sound.c:95:39: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). variable_name, atoi(value)); data/chocolate-doom-3.0.1/src/heretic/deh_thing.c:109:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = atoi(value); data/chocolate-doom-3.0.1/src/heretic/deh_weapon.c:89:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = atoi(value); data/chocolate-doom-3.0.1/src/heretic/doomdata.h:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toptexture[8], bottomtexture[8], midtexture[8]; data/chocolate-doom-3.0.1/src/heretic/doomdata.h:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char floorpic[8], ceilingpic[8]; data/chocolate-doom-3.0.1/src/heretic/doomdata.h:153:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/heretic/f_finale.c:173:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), 64); data/chocolate-doom-3.0.1/src/heretic/f_finale.c:178:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63); data/chocolate-doom-3.0.1/src/heretic/f_finale.c:272:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer, p1, SCREENHEIGHT * SCREENWIDTH); data/chocolate-doom-3.0.1/src/heretic/f_finale.c:278:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer, p2 + SCREENHEIGHT * SCREENWIDTH - yval, yval); data/chocolate-doom-3.0.1/src/heretic/f_finale.c:279:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer + yval, p1, SCREENHEIGHT * SCREENWIDTH - yval); data/chocolate-doom-3.0.1/src/heretic/f_finale.c:285:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(I_VideoBuffer, p2, SCREENWIDTH * SCREENHEIGHT); data/chocolate-doom-3.0.1/src/heretic/f_finale.c:355:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10]; data/chocolate-doom-3.0.1/src/heretic/g_game.c:112:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char demoname[32]; data/chocolate-doom-3.0.1/src/heretic/g_game.c:201:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savedescription[32]; data/chocolate-doom-3.0.1/src/heretic/g_game.c:991:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cmd, &netcmds[i], sizeof(ticcmd_t)); data/chocolate-doom-3.0.1/src/heretic/g_game.c:1488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savestr[SAVESTRINGSIZE]; data/chocolate-doom-3.0.1/src/heretic/g_game.c:1489:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vcheck[VERSIONSIZE], readversion[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/heretic/g_game.c:1570:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *skyLumpNames[5] = { data/chocolate-doom-3.0.1/src/heretic/g_game.c:1712:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_demobuffer, demobuffer, current_length); data/chocolate-doom-3.0.1/src/heretic/g_game.c:1827:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxsize = atoi(myargv[i + 1]) * 1024; data/chocolate-doom-3.0.1/src/heretic/g_game.c:2039:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char verString[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/heretic/in_lude.c:582:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), 64); data/chocolate-doom-3.0.1/src/heretic/in_lude.c:587:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63); data/chocolate-doom-3.0.1/src/heretic/mn_menu.c:145:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char SlotText[6][SLOTTEXTLEN + 2]; data/chocolate-doom-3.0.1/src/heretic/mn_menu.c:146:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oldSlotText[SLOTTEXTLEN + 2]; data/chocolate-doom-3.0.1/src/heretic/mn_menu.c:646:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(filename, "rb+"); data/chocolate-doom-3.0.1/src/heretic/p_mobj.c:1044:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(deathmatch_p, mthing, sizeof(*mthing)); data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:63:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
SaveGameFP = fopen(fileName, "wb"); data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:68:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). SaveGameFP = fopen(filename, "rb"); data/chocolate-doom-3.0.1/src/heretic/p_setup.c:546:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lumpname[9]; data/chocolate-doom-3.0.1/src/heretic/p_setup.c:627:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TimerGame = atoi(myargv[parm + 1]) * 35 * 60; data/chocolate-doom-3.0.1/src/heretic/p_spec.h:45:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endname[9]; data/chocolate-doom-3.0.1/src/heretic/p_spec.h:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startname[9]; data/chocolate-doom-3.0.1/src/heretic/p_spec.h:165:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[9]; data/chocolate-doom-3.0.1/src/heretic/p_spec.h:166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name2[9]; data/chocolate-doom-3.0.1/src/heretic/r_data.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; // for switch changing, etc data/chocolate-doom-3.0.1/src/heretic/r_data.c:117:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cache + position, source, count); data/chocolate-doom-3.0.1/src/heretic/r_data.c:305:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9], *names, *name_p; data/chocolate-doom-3.0.1/src/heretic/r_data.c:577:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namet[9]; data/chocolate-doom-3.0.1/src/heretic/r_data.c:583:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(namet, name, 8); data/chocolate-doom-3.0.1/src/heretic/r_draw.c:394:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), 64); data/chocolate-doom-3.0.1/src/heretic/r_draw.c:399:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63); data/chocolate-doom-3.0.1/src/heretic/r_draw.c:460:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), 64); data/chocolate-doom-3.0.1/src/heretic/r_draw.c:465:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63); data/chocolate-doom-3.0.1/src/heretic/r_segs.c:639:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lastopening, ceilingclip + start, 2 * (rw_stopx - start)); data/chocolate-doom-3.0.1/src/heretic/r_segs.c:646:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lastopening, floorclip + start, 2 * (rw_stopx - start)); data/chocolate-doom-3.0.1/src/heretic/r_things.c:230:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(sprites[i].spriteframes, sprtemp, data/chocolate-doom-3.0.1/src/heretic/sb_bar.c:448:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[32]; data/chocolate-doom-3.0.1/src/heretic/sb_bar.c:1181:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[2]; data/chocolate-doom-3.0.1/src/heretic/sb_bar.c:1229:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[2]; data/chocolate-doom-3.0.1/src/heretic/sounds.h:94:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/heretic/sounds.h:99:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/hexen/am_map.c:729:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(I_VideoBuffer + i * finit_width, maplump + j + mapxstart, data/chocolate-doom-3.0.1/src/hexen/am_map.c:731:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer + i * finit_width + finit_width - mapxstart, data/chocolate-doom-3.0.1/src/hexen/am_map.c:1427:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *PlayerColorText[MAXPLAYERS] = { data/chocolate-doom-3.0.1/src/hexen/am_map.c:1443:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textBuffer[80]; data/chocolate-doom-3.0.1/src/hexen/am_map.c:1516:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char timeBuffer[15]; data/chocolate-doom-3.0.1/src/hexen/am_map.c:1517:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char dayBuffer[20]; data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:67:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char chat_msg[MAXPLAYERS][MESSAGESIZE]; data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:68:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char plr_lastmsg[MAXPLAYERS][MESSAGESIZE + 9]; data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *CT_FromPlrText[MAXPLAYERS] = { data/chocolate-doom-3.0.1/src/hexen/ct_chat.c:87:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *chat_macros[10] = { data/chocolate-doom-3.0.1/src/hexen/ct_chat.h:35:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *chat_macros[10]; data/chocolate-doom-3.0.1/src/hexen/d_net.c:50:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char exitmsg[80]; data/chocolate-doom-3.0.1/src/hexen/d_net.c:199:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). connect_data->player_class = atoi(myargv[i + 1]); data/chocolate-doom-3.0.1/src/hexen/f_finale.c:173:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer, W_CacheLumpNum(FinaleLumpNum, PU_CACHE), data/chocolate-doom-3.0.1/src/hexen/f_finale.c:314:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer, W_CacheLumpNum(FinaleLumpNum, PU_CACHE), data/chocolate-doom-3.0.1/src/hexen/g_game.c:95:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char demoname[32]; data/chocolate-doom-3.0.1/src/hexen/g_game.c:168:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savedescription[32]; data/chocolate-doom-3.0.1/src/hexen/g_game.c:1015:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(cmd, &netcmds[i], sizeof(ticcmd_t)); data/chocolate-doom-3.0.1/src/hexen/g_game.c:1880:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_demobuffer, demobuffer, current_length); data/chocolate-doom-3.0.1/src/hexen/g_game.c:1995:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxsize = atoi(myargv[i + 1]) * 1024; data/chocolate-doom-3.0.1/src/hexen/h2_main.c:98:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char demolumpname[9]; // Demo lump to start playing. data/chocolate-doom-3.0.1/src/hexen/h2_main.c:173:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[12]; data/chocolate-doom-3.0.1/src/hexen/h2_main.c:521:20: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). G_LoadGame(atoi(myargv[p + 1])); data/chocolate-doom-3.0.1/src/hexen/h2_main.c:668:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file[256]; data/chocolate-doom-3.0.1/src/hexen/h2_main.c:729:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). WarpMap = atoi(myargv[p + 1]); data/chocolate-doom-3.0.1/src/hexen/h2_main.c:763:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char filename[20]; data/chocolate-doom-3.0.1/src/hexen/h2_main.c:765:21: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). debugfile = fopen(filename, "w"); data/chocolate-doom-3.0.1/src/hexen/h2_main.c:1052:16: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). G_LoadGame(atoi(myargv[p + 1])); data/chocolate-doom-3.0.1/src/hexen/h2def.h:555:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char message[80]; // hint messages data/chocolate-doom-3.0.1/src/hexen/h2def.h:1011:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char ClusterMessage[MAX_INTRMSN_MESSAGE_SIZE]; data/chocolate-doom-3.0.1/src/hexen/in_lude.c:64:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ClusterMessage[MAX_INTRMSN_MESSAGE_SIZE]; data/chocolate-doom-3.0.1/src/hexen/in_lude.c:406:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer, (byte *) patchINTERPIC, SCREENWIDTH * SCREENHEIGHT); data/chocolate-doom-3.0.1/src/hexen/in_lude.c:530:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[8] = "XX"; data/chocolate-doom-3.0.1/src/hexen/in_lude.c:548:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buff[8] = "XX"; data/chocolate-doom-3.0.1/src/hexen/m_random.c:24:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char rndtable[256] = { data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:151:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char SlotText[6][SLOTTEXTLEN + 2]; data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:152:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char oldSlotText[SLOTTEXTLEN + 2]; data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:598:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *boxLumpName[3] = { data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:603:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *walkLumpName[3] = { data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[100]; data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:679:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char versionText[HXS_VERSION_TEXT_LENGTH]; data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:683:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(name, "rb"); data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:710:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char description[HXS_DESCRIPTION_LENGTH]; data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:717:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SlotText[slot], description, SLOTTEXTLEN); data/chocolate-doom-3.0.1/src/hexen/mn_menu.c:1777:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer, data/chocolate-doom-3.0.1/src/hexen/p_acs.c:187:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char EvalContext[64]; data/chocolate-doom-3.0.1/src/hexen/p_acs.c:193:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char PrintBuffer[PRINT_BUFFER_SIZE]; data/chocolate-doom-3.0.1/src/hexen/p_acs.c:315:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[128]; data/chocolate-doom-3.0.1/src/hexen/p_acs.c:575:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ErrorMsg[128]; data/chocolate-doom-3.0.1/src/hexen/p_acs.c:662:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ACSStore[index].args, args, MAX_SCRIPT_ARGS); data/chocolate-doom-3.0.1/src/hexen/p_acs.c:678:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LockedBuffer[80]; data/chocolate-doom-3.0.1/src/hexen/p_acs.c:680:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
extern char *TextKeyMessages[11]; data/chocolate-doom-3.0.1/src/hexen/p_acs.c:1803:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[16]; data/chocolate-doom-3.0.1/src/hexen/p_acs.c:1812:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempStr[2]; data/chocolate-doom-3.0.1/src/hexen/p_enemy.c:951:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mo->args, oldMonster.args, 5); data/chocolate-doom-3.0.1/src/hexen/p_enemy.c:959:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(mo->args, oldMonster.args, 5); data/chocolate-doom-3.0.1/src/hexen/p_enemy.c:1120:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&starttime, mo->args, sizeof(unsigned int)); data/chocolate-doom-3.0.1/src/hexen/p_inter.c:714:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *artifactMessages[NUMARTIFACTS] = { data/chocolate-doom-3.0.1/src/hexen/p_inter.c:1638:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(monster->args, oldMonster.args, 5); data/chocolate-doom-3.0.1/src/hexen/p_mobj.c:1403:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(deathmatch_p, mthing, sizeof(*mthing)); data/chocolate-doom-3.0.1/src/hexen/p_mobj.c:1438:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(player_start, mthing, sizeof(mapthing_t)); data/chocolate-doom-3.0.1/src/hexen/p_setup.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/chocolate-doom-3.0.1/src/hexen/p_setup.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char songLump[10]; data/chocolate-doom-3.0.1/src/hexen/p_setup.c:671:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lumpname[9]; data/chocolate-doom-3.0.1/src/hexen/p_setup.c:749:25: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
TimerGame = atoi(myargv[parm + 1]) * 35 * 60; data/chocolate-doom-3.0.1/src/hexen/p_setup.c:798:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char songMulch[10]; data/chocolate-doom-3.0.1/src/hexen/p_setup.c:844:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(info, &MapInfo[0], sizeof(*info)); data/chocolate-doom-3.0.1/src/hexen/p_spec.c:411:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *TextKeyMessages[11]; data/chocolate-doom-3.0.1/src/hexen/p_spec.c:412:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char LockedBuffer[80]; data/chocolate-doom-3.0.1/src/hexen/p_spec.h:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[9]; data/chocolate-doom-3.0.1/src/hexen/p_spec.h:203:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name2[9]; data/chocolate-doom-3.0.1/src/hexen/r_data.c:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; // for switch changing, etc data/chocolate-doom-3.0.1/src/hexen/r_data.c:112:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(cache + position, source, count); data/chocolate-doom-3.0.1/src/hexen/r_data.c:300:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9], *names, *name_p; data/chocolate-doom-3.0.1/src/hexen/r_data.c:533:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namet[9]; data/chocolate-doom-3.0.1/src/hexen/r_data.c:539:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(namet, name, 8); data/chocolate-doom-3.0.1/src/hexen/r_draw.c:329:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(translationtables + i * 256, transLump, 256); data/chocolate-doom-3.0.1/src/hexen/r_draw.c:462:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(dest, src + ((y & 63) << 6), 64); data/chocolate-doom-3.0.1/src/hexen/r_draw.c:467:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63); data/chocolate-doom-3.0.1/src/hexen/r_draw.c:528:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), 64); data/chocolate-doom-3.0.1/src/hexen/r_draw.c:533:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src + ((y & 63) << 6), SCREENWIDTH & 63); data/chocolate-doom-3.0.1/src/hexen/r_segs.c:632:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lastopening, ceilingclip + start, 2 * (rw_stopx - start)); data/chocolate-doom-3.0.1/src/hexen/r_segs.c:639:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lastopening, floorclip + start, 2 * (rw_stopx - start)); data/chocolate-doom-3.0.1/src/hexen/r_things.c:233:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(sprites[i].spriteframes, sprtemp, data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:246:7: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
{ memcpy(cheat.sequence, seq, sizeof(seq)); \ data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:636:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[32]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1743:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapName[9]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1744:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[2]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1794:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1851:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[2]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1884:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textBuffer[50]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1909:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textBuffer[40]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1910:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char args[2]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1946:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1971:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/chocolate-doom-3.0.1/src/hexen/sb_bar.c:1973:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char args[2]; data/chocolate-doom-3.0.1/src/hexen/sc_man.c:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char ScriptName[16]; data/chocolate-doom-3.0.1/src/hexen/sc_man.c:63:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char StringBuffer[MAX_STRING_SIZE]; data/chocolate-doom-3.0.1/src/hexen/sc_man.c:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[128]; data/chocolate-doom-3.0.1/src/hexen/sn_sonix.c:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[SS_SEQUENCE_NAME_LENGTH]; data/chocolate-doom-3.0.1/src/hexen/sn_sonix.c:292:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SequenceData[i], tempDataStart, dataSize); data/chocolate-doom-3.0.1/src/hexen/sv_save.c:1927:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char fileName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:1928:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char versionText[HXS_VERSION_TEXT_LENGTH]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:1987:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2028:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2029:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char version_text[HXS_VERSION_TEXT_LENGTH]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2147:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2337:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:2351:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3196:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fileName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3219:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sourceName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char destName[100]; data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3261:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
read_handle = fopen(source_name, "rb"); data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3280:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). write_handle = fopen(dest_name, "wb"); data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3326:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fp = fopen(name, "rb")) != NULL) data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3345:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). SavingFP = fopen(fileName, "rb"); data/chocolate-doom-3.0.1/src/hexen/sv_save.c:3350:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). SavingFP = fopen(fileName, "wb"); data/chocolate-doom-3.0.1/src/hexen/xddefs.h:57:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toptexture[8]; data/chocolate-doom-3.0.1/src/hexen/xddefs.h:58:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bottomtexture[8]; data/chocolate-doom-3.0.1/src/hexen/xddefs.h:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char midtexture[8]; data/chocolate-doom-3.0.1/src/hexen/xddefs.h:103:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char floorpic[8]; data/chocolate-doom-3.0.1/src/hexen/xddefs.h:104:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ceilingpic[8]; data/chocolate-doom-3.0.1/src/hexen/xddefs.h:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/i_endoom.c:56:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(screendata + (y * TXT_SCREEN_W * 2), data/chocolate-doom-3.0.1/src/i_joystick.c:398:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[32]; data/chocolate-doom-3.0.1/src/i_midipipe.c:381:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR dirname[MAX_PATH + 1]; data/chocolate-doom-3.0.1/src/i_midipipe.c:385:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char snd_samplerate_buf[8]; data/chocolate-doom-3.0.1/src/i_oplmusic.c:315:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char (*main_instr_names)[32]; data/chocolate-doom-3.0.1/src/i_oplmusic.c:316:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char (*percussion_names)[32]; data/chocolate-doom-3.0.1/src/i_oplmusic.c:374:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
(char (*)[32]) (percussion_instrs + GENMIDI_NUM_PERCUSSION); data/chocolate-doom-3.0.1/src/i_oplmusic.c:1835:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[80]; data/chocolate-doom-3.0.1/src/i_pcsound.c:245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[9]; data/chocolate-doom-3.0.1/src/i_sdlmusic.c:146:9: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). return atoi(value); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:157:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). result = result * 60 + atoi(num_start); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:169:27: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
return (result * 60 + atoi(num_start)) * samplerate_hz; data/chocolate-doom-3.0.1/src/i_sdlmusic.c:377:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char header[4]; data/chocolate-doom-3.0.1/src/i_sdlmusic.c:384:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fs = fopen(filename, "r"); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:476:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&subst_music[subst_music_len - 1], subst, sizeof(subst_music_t)); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:635:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line[128]; data/chocolate-doom-3.0.1/src/i_sdlmusic.c:641:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fs = fopen(filename, "r"); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:746:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[9]; data/chocolate-doom-3.0.1/src/i_sdlmusic.c:752:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fs = fopen(filename, "w"); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:811:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fstream = fopen(write_path, "w"); data/chocolate-doom-3.0.1/src/i_sdlsound.c:555:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). wav = fopen(filename, "wb"); data/chocolate-doom-3.0.1/src/i_sdlsound.c:637:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(convertor.buf, data, length); data/chocolate-doom-3.0.1/src/i_sdlsound.c:641:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(chunk->abuf, convertor.buf, chunk->alen); data/chocolate-doom-3.0.1/src/i_sdlsound.c:772:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filename[16]; data/chocolate-doom-3.0.1/src/i_sdlsound.c:817:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[9]; data/chocolate-doom-3.0.1/src/i_sdlsound.c:884:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[9]; data/chocolate-doom-3.0.1/src/i_sound.h:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/chocolate-doom-3.0.1/src/i_system.c:143:23: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). default_ram = atoi(myargv[p+1]); data/chocolate-doom-3.0.1/src/i_system.c:265:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgbuf[512]; data/chocolate-doom-3.0.1/src/i_system.c:364:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char mem_dump_dos622[DOS_MEM_DUMP_SIZE] = {
data/chocolate-doom-3.0.1/src/i_system.c:366:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char mem_dump_win98[DOS_MEM_DUMP_SIZE] = {
data/chocolate-doom-3.0.1/src/i_system.c:368:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char mem_dump_dosbox[DOS_MEM_DUMP_SIZE] = {
data/chocolate-doom-3.0.1/src/i_system.c:370:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char mem_dump_custom[DOS_MEM_DUMP_SIZE];
data/chocolate-doom-3.0.1/src/i_video.c:804:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(scr, I_VideoBuffer, SCREENWIDTH*SCREENHEIGHT*sizeof(*scr));
data/chocolate-doom-3.0.1/src/i_video.c:972:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  window_width = atoi(myargv[i + 1]);
data/chocolate-doom-3.0.1/src/i_video.c:989:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  window_height = atoi(myargv[i + 1]);
data/chocolate-doom-3.0.1/src/i_video.c:1345:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char winenv[30];
data/chocolate-doom-3.0.1/src/m_argv.c:89:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  handle = fopen(response_filename, "rb");
data/chocolate-doom-3.0.1/src/m_cheat.c:86:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer, cht->parameter_buf, cht->parameter_chars);
data/chocolate-doom-3.0.1/src/m_cheat.h:39:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char sequence[MAX_CHEAT_LEN];
data/chocolate-doom-3.0.1/src/m_cheat.h:47:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char parameter_buf[MAX_CHEAT_PARAMS];
data/chocolate-doom-3.0.1/src/m_config.c:1715:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (collection->filename, "w");
data/chocolate-doom-3.0.1/src/m_config.c:1873:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char defname[80];
data/chocolate-doom-3.0.1/src/m_config.c:1874:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char strparm[100];
data/chocolate-doom-3.0.1/src/m_config.c:1877:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(collection->filename, "r");
data/chocolate-doom-3.0.1/src/m_controls.c:380:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32]; // haleyjd: 20 not large enough - Thank you, come again!
data/chocolate-doom-3.0.1/src/m_misc.c:70:15: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fstream = fopen(filename, "r");
data/chocolate-doom-3.0.1/src/m_misc.c:186:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  handle = fopen(name, "wb");
data/chocolate-doom-3.0.1/src/m_misc.c:211:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  handle = fopen(name, "rb");
data/chocolate-doom-3.0.1/src/m_misc.c:614:5: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_OEMCP, 0, oem, len, tmp, len);
data/chocolate-doom-3.0.1/src/memio.c:79:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf, stream->buf + stream->position, items * size);
data/chocolate-doom-3.0.1/src/memio.c:126:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newbuf, stream->buf, stream->alloced);
data/chocolate-doom-3.0.1/src/memio.c:134:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(stream->buf + stream->position, ptr, bytes);
data/chocolate-doom-3.0.1/src/midifile.c:601:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  stream = fopen(filename, "rb");
data/chocolate-doom-3.0.1/src/net_client.c:494:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&net_client_wait_data, &wait_data, sizeof(net_waitdata_t));
data/chocolate-doom-3.0.1/src/net_client.c:976:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(net_local_wad_sha1sum, data->wad_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/net_client.c:977:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(net_local_deh_sha1sum, data->deh_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/net_client.c:1067:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_settings, &settings, sizeof(net_gamesettings_t));
data/chocolate-doom-3.0.1/src/net_defs.h:265:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char player_names[NET_MAXPLAYERS][MAXPLAYERNAME];
data/chocolate-doom-3.0.1/src/net_defs.h:266:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char player_addrs[NET_MAXPLAYERS][MAXPLAYERNAME];
data/chocolate-doom-3.0.1/src/net_gui.c:86:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/chocolate-doom-3.0.1/src/net_gui.c:120:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/chocolate-doom-3.0.1/src/net_gui.c:372:26: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  expected_nodes = atoi(myargv[i + 1]);
data/chocolate-doom-3.0.1/src/net_io.c:116:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[128];
data/chocolate-doom-3.0.1/src/net_packet.c:55:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newpacket->data, packet->data, packet->len);
data/chocolate-doom-3.0.1/src/net_packet.c:249:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(newdata, packet->data, packet->len);
data/chocolate-doom-3.0.1/src/net_query.c:295:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&target->data, &querydata, sizeof(net_querydata_t));
data/chocolate-doom-3.0.1/src/net_sdl.c:118:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_addr_table, addr_table,
data/chocolate-doom-3.0.1/src/net_sdl.c:172:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/net_sdl.c:203:16: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  port = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/net_sdl.c:292:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((*packet)->data, recvpacket->data, recvpacket->len);
data/chocolate-doom-3.0.1/src/net_sdl.c:322:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char portbuf[10];
data/chocolate-doom-3.0.1/src/net_sdl.c:342:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  addr_port = atoi(colon + 1);
data/chocolate-doom-3.0.1/src/net_server.c:191:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/chocolate-doom-3.0.1/src/net_server.c:209:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/chocolate-doom-3.0.1/src/net_server.c:413:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&wait_data.wad_sha1sum, &controller->wad_sha1sum,
data/chocolate-doom-3.0.1/src/net_server.c:415:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&wait_data.deh_sha1sum, &controller->deh_sha1sum,
data/chocolate-doom-3.0.1/src/net_server.c:629:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char reject_msg[256];
data/chocolate-doom-3.0.1/src/net_server.c:735:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(client->wad_sha1sum, data.wad_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/net_server.c:736:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(client->deh_sha1sum, data.deh_sha1sum, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/setup/display.c:128:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[15];
data/chocolate-doom-3.0.1/src/setup/execute.c:121:22: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  result->stream = fopen(result->response_file, "w");
data/chocolate-doom-3.0.1/src/setup/execute.c:170:5: [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
  MultiByteToWideChar(CP_OEMCP, 0,
data/chocolate-doom-3.0.1/src/setup/execute.c:181:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t exe_path[MAX_PATH];
data/chocolate-doom-3.0.1/src/setup/execute.c:213:5: [2] (buffer) wcscat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  wcscat(result, L"\" \"");
data/chocolate-doom-3.0.1/src/setup/execute.c:295:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *argv[3];
data/chocolate-doom-3.0.1/src/setup/joystick.c:657:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];
data/chocolate-doom-3.0.1/src/setup/joystick.c:1105:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[32];
data/chocolate-doom-3.0.1/src/setup/keyboard.c:165:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:123:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *chat_macros[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:125:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *wads[NUM_WADS];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:126:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char *extra_params[NUM_EXTRA_PARAMS];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:304:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:393:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:921:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char ping_time_str[16];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:922:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char description[47];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1128:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[10];
data/chocolate-doom-3.0.1/src/setup/multiplayer.c:1163:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[15];
data/chocolate-doom-3.0.1/src/setup/txt_joyaxis.c:429:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[JOYSTICK_AXIS_WIDTH + 1];
data/chocolate-doom-3.0.1/src/setup/txt_joybinput.c:252:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/chocolate-doom-3.0.1/src/setup/txt_keyinput.c:103:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/chocolate-doom-3.0.1/src/setup/txt_mouseinput.c:95:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];
data/chocolate-doom-3.0.1/src/sha1.c:70:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(x, data, 64);
data/chocolate-doom-3.0.1/src/sha1.c:302:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(digest, hd->buf, sizeof(sha1_digest_t));
data/chocolate-doom-3.0.1/src/strife/am_map.c:464:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[9];
data/chocolate-doom-3.0.1/src/strife/am_map.c:477:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char namebuf[9];
data/chocolate-doom-3.0.1/src/strife/am_map.c:584:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[20];
data/chocolate-doom-3.0.1/src/strife/d_main.c:144:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wadfile[1024]; // primary wad file
data/chocolate-doom-3.0.1/src/strife/d_main.c:145:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mapdir[1024]; // directory of development maps
data/chocolate-doom-3.0.1/src/strife/d_main.c:461:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[12];
data/chocolate-doom-3.0.1/src/strife/d_main.c:901:17: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  serialnum = atoi(serial);
data/chocolate-doom-3.0.1/src/strife/d_main.c:925:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char title[128] = "";
data/chocolate-doom-3.0.1/src/strife/d_main.c:1272:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char string[80];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1475:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char file[256];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1476:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char demolumpname[9];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1687:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  scale = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1740:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msgbuf[80];
data/chocolate-doom-3.0.1/src/strife/d_main.c:1742:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
  If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  int serialnum = atoi(serial);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1857:9: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[3][8]=
data/chocolate-doom-3.0.1/src/strife/d_main.c:1933:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  timelimit = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_main.c:1963:24: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  startmap = atoi (myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_main.c:2002:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  startloadgame = atoi(myargv[p+1]);
data/chocolate-doom-3.0.1/src/strife/d_net.c:44:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char exitmsg[80];
data/chocolate-doom-3.0.1/src/strife/deh_ammo.c:69:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_frame.c:126:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_misc.c:174:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_ptr.c:102:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ivalue = atoi(value);
data/chocolate-doom-3.0.1/src/strife/deh_sound.c:86:14: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190).
If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = atoi(value); data/chocolate-doom-3.0.1/src/strife/deh_thing.c:106:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = atoi(value); data/chocolate-doom-3.0.1/src/strife/deh_weapon.c:78:14: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ivalue = atoi(value); data/chocolate-doom-3.0.1/src/strife/doomdata.h:70:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char toptexture[8]; data/chocolate-doom-3.0.1/src/strife/doomdata.h:71:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bottomtexture[8]; data/chocolate-doom-3.0.1/src/strife/doomdata.h:72:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char midtexture[8]; data/chocolate-doom-3.0.1/src/strife/doomdata.h:154:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char floorpic[8]; data/chocolate-doom-3.0.1/src/strife/doomdata.h:155:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ceilingpic[8]; data/chocolate-doom-3.0.1/src/strife/doomstat.h:246:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char basedefault[1024]; data/chocolate-doom-3.0.1/src/strife/f_wipe.c:61:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(array, dest, width*height*2); data/chocolate-doom-3.0.1/src/strife/f_wipe.c:74:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wipe_scr, wipe_scr_start, width*height); data/chocolate-doom-3.0.1/src/strife/f_wipe.c:133:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(wipe_scr, wipe_scr_start, width*height); data/chocolate-doom-3.0.1/src/strife/g_game.c:227:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char savedescription[32]; data/chocolate-doom-3.0.1/src/strife/g_game.c:964:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (cmd, &netcmds[i], sizeof(ticcmd_t)); data/chocolate-doom-3.0.1/src/strife/g_game.c:988:24: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char turbomessage[80]; data/chocolate-doom-3.0.1/src/strife/g_game.c:1291:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapbuf[33]; data/chocolate-doom-3.0.1/src/strife/g_game.c:1662:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savename[256]; data/chocolate-doom-3.0.1/src/strife/g_game.c:1682:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). save_stream = fopen(loadpath, "rb"); data/chocolate-doom-3.0.1/src/strife/g_game.c:1803:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char gamemapstr[33]; data/chocolate-doom-3.0.1/src/strife/g_game.c:1828:19: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). save_stream = fopen(temp_savegame_file, "wb"); data/chocolate-doom-3.0.1/src/strife/g_game.c:2128:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(new_demobuffer, demobuffer, current_length); data/chocolate-doom-3.0.1/src/strife/g_game.c:2212:19: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). maxsize = atoi(myargv[i+1])*1024; data/chocolate-doom-3.0.1/src/strife/g_game.c:2279:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char resultbuf[16]; data/chocolate-doom-3.0.1/src/strife/hu_lib.h:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char l[HU_MAXLINELENGTH+1]; // line of text data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:61:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *chat_macros[10] = data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:76:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char player_names[8][16] = data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:96:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chat_dest[MAXPLAYERS]; data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:183:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[9]; data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:323:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[HU_MAXLINELENGTH+2]; // esp+52h data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:477:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char chatchars[QUEUESIZE]; data/chocolate-doom-3.0.1/src/strife/hu_stuff.c:543:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char lastmessage[HU_MAXLINELENGTH+1]; data/chocolate-doom-3.0.1/src/strife/hu_stuff.h:58:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char *chat_macros[10]; data/chocolate-doom-3.0.1/src/strife/hu_stuff.h:59:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char player_names[8][16]; // villsa [STRIFE] data/chocolate-doom-3.0.1/src/strife/info.c:33:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *sprnames[NUMSPRITES+1] = data/chocolate-doom-3.0.1/src/strife/m_menu.c:108:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char gammamsg[5][26] = data/chocolate-doom-3.0.1/src/strife/m_menu.c:122:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char saveOldString[SAVESTRINGSIZE]; data/chocolate-doom-3.0.1/src/strife/m_menu.c:135:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savegamestrings[10][SAVESTRINGSIZE]; data/chocolate-doom-3.0.1/src/strife/m_menu.c:137:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char endstring[160]; data/chocolate-doom-3.0.1/src/strife/m_menu.c:149:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *cursorName[8] = {"M_CURS1", "M_CURS2", "M_CURS3", "M_CURS4", data/chocolate-doom-3.0.1/src/strife/m_menu.c:554:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = fopen(fname, "rb"); data/chocolate-doom-3.0.1/src/strife/m_menu.c:817:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tempstring[80]; data/chocolate-doom-3.0.1/src/strife/m_menu.c:1125:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char detailNames[2][9] = {"M_GDHIGH","M_GDLOW"}; data/chocolate-doom-3.0.1/src/strife/m_menu.c:1126:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msgNames[2][9] = {"M_MSGOFF","M_MSGON"}; data/chocolate-doom-3.0.1/src/strife/m_menu.c:1306:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[20]; data/chocolate-doom-3.0.1/src/strife/m_menu.c:2293:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[80]; data/chocolate-doom-3.0.1/src/strife/m_menu.h:36:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[10]; data/chocolate-doom-3.0.1/src/strife/m_random.c:29:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const unsigned char rndtable[256] = { data/chocolate-doom-3.0.1/src/strife/m_saves.c:55:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char character_name[CHARACTER_NAME_LEN]; // Name of "character" for saveslot data/chocolate-doom-3.0.1/src/strife/m_saves.c:216:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpnum[33]; data/chocolate-doom-3.0.1/src/strife/m_saves.c:245:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmpnum[33]; data/chocolate-doom-3.0.1/src/strife/m_saves.c:294:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if((f = fopen(srcpath, "rb"))) data/chocolate-doom-3.0.1/src/strife/m_saves.c:472:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char tmpbuffer[32]; data/chocolate-doom-3.0.1/src/strife/m_saves.h:30:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char character_name[CHARACTER_NAME_LEN]; data/chocolate-doom-3.0.1/src/strife/p_dialog.c:58:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(field, ptr, len); \ data/chocolate-doom-3.0.1/src/strife/p_dialog.c:71:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mission_objective[OBJECTIVE_LEN]; data/chocolate-doom-3.0.1/src/strife/p_dialog.c:108:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char dialoglastmsgbuffer[48]; data/chocolate-doom-3.0.1/src/strife/p_dialog.c:111:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static char pickupstring[46]; data/chocolate-doom-3.0.1/src/strife/p_dialog.c:161:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *messages[MAXRNDMESSAGES]; data/chocolate-doom-3.0.1/src/strife/p_dialog.c:448:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lumpname[9]; data/chocolate-doom-3.0.1/src/strife/p_dialog.c:1053:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char choicetext[64]; data/chocolate-doom-3.0.1/src/strife/p_dialog.c:1054:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char choicetext2[64]; data/chocolate-doom-3.0.1/src/strife/p_dialog.h:38:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char mission_objective[OBJECTIVE_LEN]; data/chocolate-doom-3.0.1/src/strife/p_dialog.h:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[MDLG_CHOICELEN]; // normal text data/chocolate-doom-3.0.1/src/strife/p_dialog.h:67:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textok[MDLG_MSGLEN]; // message given on success data/chocolate-doom-3.0.1/src/strife/p_dialog.h:70:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char textno[MDLG_MSGLEN]; // message given on failure data/chocolate-doom-3.0.1/src/strife/p_dialog.h:79:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MDLG_NAMELEN]; // name of speaker data/chocolate-doom-3.0.1/src/strife/p_dialog.h:80:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char voice[MDLG_LUMPLEN]; // voice file to play data/chocolate-doom-3.0.1/src/strife/p_dialog.h:81:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char backpic[MDLG_LUMPLEN]; // backdrop pic for character, if any data/chocolate-doom-3.0.1/src/strife/p_dialog.h:82:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char text[MDLG_TEXTLEN]; // main message text data/chocolate-doom-3.0.1/src/strife/p_enemy.c:2643:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pmsgbuffer[80]; data/chocolate-doom-3.0.1/src/strife/p_inter.c:427:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char pickupmsg[80]; data/chocolate-doom-3.0.1/src/strife/p_inter.c:748:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char plrkilledmsg[80]; data/chocolate-doom-3.0.1/src/strife/p_mobj.c:923:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (deathmatch_p, mthing, sizeof(*mthing)); data/chocolate-doom-3.0.1/src/strife/p_saveg.c:66:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char basename[32]; data/chocolate-doom-3.0.1/src/strife/p_saveg.c:1593:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/strife/p_saveg.c:1632:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char vcheck[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/strife/p_saveg.c:1633:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char read_vcheck[VERSIONSIZE]; data/chocolate-doom-3.0.1/src/strife/p_setup.c:754:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lumpname[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.c:75:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char endname[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.c:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char startname[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.c:577:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char crosslinestr[90]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name1[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:221:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name2[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:457:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame1[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:458:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame2[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:459:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame3[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:460:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame4[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:461:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame5[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:462:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame6[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:463:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char frame7[9]; data/chocolate-doom-3.0.1/src/strife/p_spec.h:464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char frame8[9]; data/chocolate-doom-3.0.1/src/strife/p_switch.c:442:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char usemessage[92]; data/chocolate-doom-3.0.1/src/strife/p_user.c:50:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char useinventorymsg[44]; // villsa [STRIFE] data/chocolate-doom-3.0.1/src/strife/r_data.c:72:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/strife/r_data.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/strife/r_data.c:208:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (cache + position, source, count); data/chocolate-doom-3.0.1/src/strife/r_data.c:461:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/chocolate-doom-3.0.1/src/strife/r_data.c:747:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namet[9]; data/chocolate-doom-3.0.1/src/strife/r_data.c:754:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (namet, name,8); data/chocolate-doom-3.0.1/src/strife/r_data.c:826:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/src/strife/r_data.c:842:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(name, texture->name, 8); data/chocolate-doom-3.0.1/src/strife/r_draw.c:855:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src+((y&63)<<6), 64); data/chocolate-doom-3.0.1/src/strife/r_draw.c:861:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy (dest, src+((y&63)<<6), SCREENWIDTH&63); data/chocolate-doom-3.0.1/src/strife/r_draw.c:924:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(I_VideoBuffer + ofs, background_buffer + ofs, count); data/chocolate-doom-3.0.1/src/strife/r_segs.c:729:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lastopening, ceilingclip+start, 2*(rw_stopx-start)); data/chocolate-doom-3.0.1/src/strife/r_segs.c:737:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (lastopening, floorclip+start, 2*(rw_stopx-start)); data/chocolate-doom-3.0.1/src/strife/r_things.c:273:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (sprites[i].spriteframes, sprtemp, maxframe*sizeof(spriteframe_t)); data/chocolate-doom-3.0.1/src/strife/s_sound.c:586:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lumpnamedup[9]; data/chocolate-doom-3.0.1/src/strife/s_sound.c:768:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[9]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:204:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char *invammonames[NUMAMMO] = data/chocolate-doom-3.0.1/src/strife/st_stuff.c:292:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char st_msgbuf[ST_MSGWIDTH]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:478:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:658:16: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buf[ST_MSGWIDTH]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:670:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[3]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:700:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[3]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1032:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char iconname[8]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1166:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[16]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1204:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[128]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1287:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sprname[8]; data/chocolate-doom-3.0.1/src/strife/st_stuff.c:1435:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char namebuf[9]; data/chocolate-doom-3.0.1/src/strife/wi_stuff.c:1561:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/chocolate-doom-3.0.1/src/v_diskicon.c:58:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(d, s, w * sizeof(*d)); data/chocolate-doom-3.0.1/src/v_video.c:114:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest, src, width * sizeof(*dest)); data/chocolate-doom-3.0.1/src/v_video.c:528:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (dest, src, width * sizeof(*dest)); data/chocolate-doom-3.0.1/src/v_video.c:596:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(dest_screen, raw, SCREENWIDTH * SCREENHEIGHT); data/chocolate-doom-3.0.1/src/v_video.c:642:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char palette[48]; data/chocolate-doom-3.0.1/src/v_video.c:649:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char filler[58]; data/chocolate-doom-3.0.1/src/v_video.c:754:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = fopen(filename, "wb"); data/chocolate-doom-3.0.1/src/v_video.c:837:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char lbmname[16]; // haleyjd 20110213: BUG FIX - 12 is too small! data/chocolate-doom-3.0.1/src/w_checksum.c:60:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[9]; data/chocolate-doom-3.0.1/src/w_file_posix.c:82:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = open(path, 0); data/chocolate-doom-3.0.1/src/w_file_stdc.c:38:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fstream = fopen(path, "rb"); data/chocolate-doom-3.0.1/src/w_file_win32.c:92:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wpath[MAX_PATH + 1]; data/chocolate-doom-3.0.1/src/w_merge.c:48:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sprname[4]; data/chocolate-doom-3.0.1/src/w_merge.c:209:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(newframes, sprite_frames, data/chocolate-doom-3.0.1/src/w_merge.c:219:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result->sprname, name, 4); data/chocolate-doom-3.0.1/src/w_merge.c:618:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(list->lumps[i], pwad.lumps[index], data/chocolate-doom-3.0.1/src/w_wad.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char identification[4]; data/chocolate-doom-3.0.1/src/w_wad.c:51:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char name[8]; data/chocolate-doom-3.0.1/src/w_wad.c:488:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[9]; data/chocolate-doom-3.0.1/src/w_wad.c:511:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). f = fopen ("waddump.txt","w"); data/chocolate-doom-3.0.1/src/w_wad.c:516:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy (name,lumpinfo[i].name,8); data/chocolate-doom-3.0.1/src/w_wad.h:42:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[8]; data/chocolate-doom-3.0.1/textscreen/examples/calculator.c:41:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/chocolate-doom-3.0.1/textscreen/examples/calculator.c:64:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[10]; data/chocolate-doom-3.0.1/textscreen/examples/calculator.c:86:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/chocolate-doom-3.0.1/textscreen/examples/guitest.c:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[40]; data/chocolate-doom-3.0.1/textscreen/examples/guitest.c:120:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[100]; data/chocolate-doom-3.0.1/textscreen/txt_desktop.c:194:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char keybuf[10]; data/chocolate-doom-3.0.1/textscreen/txt_desktop.c:318:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:84:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[64]; data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:110:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(result + result_len, buf, bytes); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:259:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selected[MAX_PATH] = ""; data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:288:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char selected[MAX_PATH] = ""; data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:474:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char *argv[4]; data/chocolate-doom-3.0.1/textscreen/txt_inputbox.c:98:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
*((int *) inputbox->value) = atoi(inputbox->buffer); data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:52:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[25]; data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char format[25]; data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:250:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). spincontrol->value->i = atoi(spincontrol->buffer); data/chocolate-doom-3.0.1/textscreen/txt_window.c:566:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[256]; data/chocolate-doom-3.0.1/textscreen/txt_window_action.c:31:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[10]; data/chocolate-doom-3.0.1/textscreen/txt_window_action.c:46:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[10]; data/chocolate-doom-3.0.1/msvc/win_opendir.c:95:39: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nd = (DIR *)(malloc(sizeof(DIR) + (_tcslen(szFullPath) data/chocolate-doom-3.0.1/msvc/win_opendir.c:96:42: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + _tcslen(SLASH) data/chocolate-doom-3.0.1/msvc/win_opendir.c:97:42: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + _tcslen(SUFFIX) + 1) data/chocolate-doom-3.0.1/msvc/win_opendir.c:113:12: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + _tcslen(nd->dd_name) - 1 data/chocolate-doom-3.0.1/msvc/win_opendir.c:115:18: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). + _tcslen(nd->dd_name) - 1) data/chocolate-doom-3.0.1/msvc/win_opendir.c:209:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
dirp->dd_dir.d_namlen = _tcslen(dirp->dd_dta.name); data/chocolate-doom-3.0.1/opl/examples/droplay.c:119:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). reg = fgetc(timer_data->fstream); data/chocolate-doom-3.0.1/opl/examples/droplay.c:120:15: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). val = fgetc(timer_data->fstream); data/chocolate-doom-3.0.1/opl/examples/droplay.c:131:21: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). val |= (fgetc(timer_data->fstream) << 8); data/chocolate-doom-3.0.1/pcsound/pcsound_bsd.c:159:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(sound_server_pipe[1], &tone, sizeof(tone_t)); data/chocolate-doom-3.0.1/pcsound/pcsound_bsd.c:273:13: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (read(sound_server_pipe[0], &tone, sizeof(tone_t)) < 0) data/chocolate-doom-3.0.1/src/d_iwad.c:317:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path = unstr + strlen(UNINSTALLER_STRING); data/chocolate-doom-3.0.1/src/d_iwad.c:393:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (current_path != NULL && strlen(current_path) > 0) data/chocolate-doom-3.0.1/src/d_iwad.c:405:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(install_path) + strlen(STEAM_BFG_GUS_PATCHES) + 20; data/chocolate-doom-3.0.1/src/d_iwad.c:405:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(install_path) + strlen(STEAM_BFG_GUS_PATCHES) + 20; data/chocolate-doom-3.0.1/src/d_iwad.c:456:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path_len = strlen(path); data/chocolate-doom-3.0.1/src/d_iwad.c:457:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen(filename); data/chocolate-doom-3.0.1/src/deh_io.c:155:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return fgetc(context->stream); data/chocolate-doom-3.0.1/src/deh_main.c:156:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strending = s + strlen(s) - 1; data/chocolate-doom-3.0.1/src/deh_main.c:158:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(s) > 0 && isspace(*strending)) data/chocolate-doom-3.0.1/src/deh_main.c:351:17: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. sscanf(line, "%19s", section_name); data/chocolate-doom-3.0.1/src/deh_str.c:186:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = strlen(to_text) + 1; data/chocolate-doom-3.0.1/src/deh_str.c:196:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(from_text) + 1; data/chocolate-doom-3.0.1/src/deh_str.c:200:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(to_text) + 1; data/chocolate-doom-3.0.1/src/doom/d_main.c:689:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gamename_size = strlen(deh_sub) + 10; data/chocolate-doom-3.0.1/src/doom/d_main.c:700:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (gamename[0] != '\0' && isspace(gamename[strlen(gamename)-1])) data/chocolate-doom-3.0.1/src/doom/d_main.c:702:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gamename[strlen(gamename) - 1] = '\0'; data/chocolate-doom-3.0.1/src/doom/d_main.c:941:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (deh_s[strlen(deh_s) - 1] != '\n') data/chocolate-doom-3.0.1/src/doom/d_main.c:1172:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t chex_deh_len = strlen(iwadfile) + 9; data/chocolate-doom-3.0.1/src/doom/deh_bexstr.c:340:9: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). 
Check that the limit is sufficiently small, or use a different input function. if (sscanf(line, "%9s", s) == 0 || strncmp("[STRINGS]", s, sizeof(s))) data/chocolate-doom-3.0.1/src/doom/f_finale.c:207:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && finalecount>strlen (finaletext)*TEXTSPEED + TEXTWAIT) data/chocolate-doom-3.0.1/src/doom/g_game.c:2015:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). demoname_size = strlen(name) + 5; data/chocolate-doom-3.0.1/src/doom/m_menu.c:671:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saveCharIndex = strlen(savegamestrings[choice]); data/chocolate-doom-3.0.1/src/doom/m_menu.c:1269:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0;i < strlen(string);i++) data/chocolate-doom-3.0.1/src/doom/m_menu.c:1293:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0;i < strlen(string);i++) data/chocolate-doom-3.0.1/src/doom/m_menu.c:1964:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(messageString + start); i++) data/chocolate-doom-3.0.1/src/doom/m_menu.c:1984:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
start += strlen(string); data/chocolate-doom-3.0.1/src/doom/p_saveg.c:66:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_size = strlen(savegamedir) + 32; data/chocolate-doom-3.0.1/src/gusconf.c:101:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p = fields[num_fields - 1] + strlen(fields[num_fields - 1]); data/chocolate-doom-3.0.1/src/heretic/deh_htext.c:813:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && repl_len > MaxStringLength(strlen(orig_text))) data/chocolate-doom-3.0.1/src/heretic/f_finale.c:126:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && finalecount > strlen(finaletext) * TEXTSPEED + TEXTWAIT) data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:47:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen(savegamedir) + strlen(SAVEGAMENAME) + 8; data/chocolate-doom-3.0.1/src/heretic/p_saveg.c:47:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_len = strlen(savegamedir) + strlen(SAVEGAMENAME) + 8; data/chocolate-doom-3.0.1/src/hexen/f_finale.c:124:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
FinaleEndCount = strlen(FinaleText) * TEXTSPEED + TEXTWAIT; data/chocolate-doom-3.0.1/src/hexen/f_finale.c:128:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). FinaleEndCount = strlen(FinaleText) * TEXTSPEED + TEXTWAIT; data/chocolate-doom-3.0.1/src/hexen/in_lude.c:198:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). HubCount = strlen(HubText) * TEXTSPEED + TEXTWAIT; data/chocolate-doom-3.0.1/src/i_input.c:231:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(next_event.text.text) == 1 data/chocolate-doom-3.0.1/src/i_midipipe.c:391:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (!UsingNativeMidi() || strlen(snd_musiccmd) > 0) data/chocolate-doom-3.0.1/src/i_oplmusic.c:371:47: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). main_instrs = (genmidi_instr_t *) (lump + strlen(GENMIDI_HEADER)); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:614:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(p) > 0 && isspace(p[strlen(p) - 1])) data/chocolate-doom-3.0.1/src/i_sdlmusic.c:614:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
while (strlen(p) > 0 && isspace(p[strlen(p) - 1])) data/chocolate-doom-3.0.1/src/i_sdlmusic.c:616:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). p[strlen(p) - 1] = '\0'; data/chocolate-doom-3.0.1/src/i_sdlmusic.c:619:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(p) == 0) data/chocolate-doom-3.0.1/src/i_sdlmusic.c:765:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(name, lumpinfo[lumpnum]->name, 8); data/chocolate-doom-3.0.1/src/i_sdlmusic.c:966:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(snd_musiccmd) > 0) data/chocolate-doom-3.0.1/src/i_sdlmusic.c:1251:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(snd_musiccmd) == 0) data/chocolate-doom-3.0.1/src/i_system.c:163:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int spaces = 35 - (strlen(msg) / 2); data/chocolate-doom-3.0.1/src/m_cheat.c:42:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cht->parameter_chars > 0 && strlen(cht->sequence) < cht->sequence_len) data/chocolate-doom-3.0.1/src/m_cheat.c:45:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (cht->chars_read < strlen(cht->sequence)) data/chocolate-doom-3.0.1/src/m_cheat.c:68:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (cht->chars_read >= strlen(cht->sequence) data/chocolate-doom-3.0.1/src/m_config.c:1889:13: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (fscanf(f, "%79s %99[^\n]\n", defname, strparm) != 2) data/chocolate-doom-3.0.1/src/m_config.c:1911:16: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(strparm) > 0 && !isprint(strparm[strlen(strparm)-1])) data/chocolate-doom-3.0.1/src/m_config.c:1911:56: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). while (strlen(strparm) > 0 && !isprint(strparm[strlen(strparm)-1])) data/chocolate-doom-3.0.1/src/m_config.c:1913:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strparm[strlen(strparm)-1] = '\0'; data/chocolate-doom-3.0.1/src/m_config.c:1917:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(strparm) >= 2 data/chocolate-doom-3.0.1/src/m_config.c:1918:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
&& strparm[0] == '"' && strparm[strlen(strparm) - 1] == '"') data/chocolate-doom-3.0.1/src/m_config.c:1920:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strparm[strlen(strparm) - 1] = '\0'; data/chocolate-doom-3.0.1/src/m_misc.c:140:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(filename) > 1) data/chocolate-doom-3.0.1/src/m_misc.c:273:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). src = path + strlen(path) - 1; data/chocolate-doom-3.0.1/src/m_misc.c:353:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). haystack_len = strlen(haystack); data/chocolate-doom-3.0.1/src/m_misc.c:354:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). needle_len = strlen(needle); data/chocolate-doom-3.0.1/src/m_misc.c:388:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(orig)); data/chocolate-doom-3.0.1/src/m_misc.c:403:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t needle_len = strlen(needle); data/chocolate-doom-3.0.1/src/m_misc.c:408:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result_len = strlen(haystack) + 1; data/chocolate-doom-3.0.1/src/m_misc.c:420:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_len += strlen(replacement) - needle_len; data/chocolate-doom-3.0.1/src/m_misc.c:441:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst += strlen(replacement); data/chocolate-doom-3.0.1/src/m_misc.c:442:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dst_len -= strlen(replacement); data/chocolate-doom-3.0.1/src/m_misc.c:467:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, src, dest_size - 1); data/chocolate-doom-3.0.1/src/m_misc.c:474:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = strlen(dest); data/chocolate-doom-3.0.1/src/m_misc.c:485:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(dest); data/chocolate-doom-3.0.1/src/m_misc.c:498:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(s) > strlen(prefix) data/chocolate-doom-3.0.1/src/m_misc.c:498:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return strlen(s) > strlen(prefix) data/chocolate-doom-3.0.1/src/m_misc.c:499:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strncmp(s, prefix, strlen(prefix)) == 0; data/chocolate-doom-3.0.1/src/m_misc.c:506:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(s) >= strlen(suffix) data/chocolate-doom-3.0.1/src/m_misc.c:506:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(s) >= strlen(suffix) data/chocolate-doom-3.0.1/src/m_misc.c:507:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strcmp(s + strlen(s) - strlen(suffix), suffix) == 0; data/chocolate-doom-3.0.1/src/m_misc.c:507:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strcmp(s + strlen(s) - strlen(suffix), suffix) == 0; data/chocolate-doom-3.0.1/src/m_misc.c:520:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_len = strlen(s) + 1; data/chocolate-doom-3.0.1/src/m_misc.c:531:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result_len += strlen(v); data/chocolate-doom-3.0.1/src/m_misc.c:609:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). unsigned int len = strlen(oem) + 1; data/chocolate-doom-3.0.1/src/midifile.c:114:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = fgetc(stream); data/chocolate-doom-3.0.1/src/net_packet.c:310:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). string_size = strlen(string) + 1; data/chocolate-doom-3.0.1/src/net_structrw.c:501:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s == NULL || strlen(s) >= MAXPLAYERNAME) data/chocolate-doom-3.0.1/src/net_structrw.c:510:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (s == NULL || strlen(s) >= MAXPLAYERNAME) data/chocolate-doom-3.0.1/src/setup/execute.c:171:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). value, strlen(value) + 1, data/chocolate-doom-3.0.1/src/setup/execute.c:172:31: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). buf + wcslen(buf), strlen(value) + 1); data/chocolate-doom-3.0.1/src/setup/execute.c:172:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
buf + wcslen(buf), strlen(value) + 1); data/chocolate-doom-3.0.1/src/setup/execute.c:191:21: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = calloc(wcslen(exe_path) + strlen(program) + strlen(arg) + 6, data/chocolate-doom-3.0.1/src/setup/execute.c:191:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = calloc(wcslen(exe_path) + strlen(program) + strlen(arg) + 6, data/chocolate-doom-3.0.1/src/setup/execute.c:191:58: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = calloc(wcslen(exe_path) + strlen(program) + strlen(arg) + 6, data/chocolate-doom-3.0.1/src/setup/execute.c:194:5: [1] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant character. wcscpy(result, L"\""); data/chocolate-doom-3.0.1/src/setup/execute.c:203:9: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). wcsncpy(result + 1, exe_path, sep - exe_path + 1); data/chocolate-doom-3.0.1/src/setup/execute.c:217:5: [1] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant character. wcscat(result, L"\""); data/chocolate-doom-3.0.1/src/setup/execute.c:279:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result_len = strlen(program) + path_len + 1; data/chocolate-doom-3.0.1/src/setup/joystick.c:619:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). strlen(known_joysticks[i].name) - 1) != 0) data/chocolate-doom-3.0.1/src/setup/multiplayer.c:172:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (wads[i] != NULL && strlen(wads[i]) > 0) data/chocolate-doom-3.0.1/src/setup/multiplayer.c:190:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (extra_params[i] != NULL && strlen(extra_params[i]) > 0) data/chocolate-doom-3.0.1/src/setup/multiplayer.c:814:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (connect_address == NULL || strlen(connect_address) <= 0) data/chocolate-doom-3.0.1/src/sha1.c:319:40: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SHA1_Update(context, (byte *) str, strlen(str) + 1); data/chocolate-doom-3.0.1/src/strife/d_main.c:794:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gamename_size = strlen(deh_sub) + 10; data/chocolate-doom-3.0.1/src/strife/d_main.c:804:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
while (gamename[0] != '\0' && isspace(gamename[strlen(gamename)-1])) data/chocolate-doom-3.0.1/src/strife/d_main.c:805:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). gamename[strlen(gamename) - 1] = '\0'; data/chocolate-doom-3.0.1/src/strife/d_main.c:847:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t len = strlen(iwad) + 1; data/chocolate-doom-3.0.1/src/strife/d_main.c:997:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (deh_s[strlen(deh_s) - 1] != '\n') data/chocolate-doom-3.0.1/src/strife/d_main.c:1170:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(string); i++) data/chocolate-doom-3.0.1/src/strife/d_main.c:1327:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). D_SetCursorPosition(40 - strlen(string) / 2, 5); data/chocolate-doom-3.0.1/src/strife/d_main.c:1331:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). D_SetCursorPosition(40 - strlen(string) / 2, 7); data/chocolate-doom-3.0.1/src/strife/d_main.c:1335:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
D_SetCursorPosition(40 - strlen(string) / 2, 9); data/chocolate-doom-3.0.1/src/strife/d_main.c:1339:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). D_SetCursorPosition(40 - strlen(string) / 2, 11); data/chocolate-doom-3.0.1/src/strife/d_main.c:1343:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). D_SetCursorPosition(40 - strlen(string) / 2, 14); data/chocolate-doom-3.0.1/src/strife/d_main.c:1347:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). D_SetCursorPosition(40 - strlen(string) / 2, 17); data/chocolate-doom-3.0.1/src/strife/g_game.c:2197:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). demoname_size = strlen(name) + 5; data/chocolate-doom-3.0.1/src/strife/m_menu.c:773:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). saveCharIndex = strlen(savegamestrings[choice]); data/chocolate-doom-3.0.1/src/strife/m_menu.c:1496:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0;i < strlen(string);i++) data/chocolate-doom-3.0.1/src/strife/m_menu.c:1520:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
for (i = 0;i < strlen(string);i++) data/chocolate-doom-3.0.1/src/strife/m_menu.c:2308:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = 0; i < strlen(messageString + start); i++) data/chocolate-doom-3.0.1/src/strife/m_menu.c:2329:26: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). start += strlen(string); data/chocolate-doom-3.0.1/src/strife/m_saves.c:351:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(str1); data/chocolate-doom-3.0.1/src/strife/m_saves.c:363:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len += strlen(argstr); data/chocolate-doom-3.0.1/src/strife/p_saveg.c:70:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). filename_size = strlen(savegamedir) + 32; data/chocolate-doom-3.0.1/src/w_file_posix.c:141:18: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). result = read(posix_wad->handle, byte_buffer, buffer_len); data/chocolate-doom-3.0.1/src/w_file_win32.c:98:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). path, strlen(path) + 1, data/chocolate-doom-3.0.1/src/w_wad.c:143:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strcasecmp(filename+strlen(filename)-3 , "wad" ) ) data/chocolate-doom-3.0.1/src/w_wad.c:219:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(lump_p->name, filerover->name, 8); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:92:17: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). bytes = read(pipefd[0], buf, sizeof(buf)); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:115:9: [1] (obsolete) usleep: This C routine is considered obsolete (as opposed to the shell command by the same name). The interaction of this function with SIGALRM and other timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead. usleep(100 * 1000); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:227:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_len += 16 + strlen(extensions[i]) * 3; data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:347:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result = malloc(strlen(s) + 3); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:380:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_len += 5 + strlen(extensions[i]) * 2; data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:424:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
result_len += strlen(window_title); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:428:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_len += strlen(ext_list); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:459:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_len = strlen(APPLESCRIPT_WRAPPER) + strlen(selector); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:459:48: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). result_len = strlen(APPLESCRIPT_WRAPPER) + strlen(selector); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:531:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). oldlen = strlen(orig); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:579:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 10 + strlen(window_title); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:597:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). len = 30 + strlen(extensions[i]) + strlen(newext); data/chocolate-doom-3.0.1/textscreen/txt_fileselect.c:597:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
len = 30 + strlen(extensions[i]) + strlen(newext); data/chocolate-doom-3.0.1/textscreen/txt_gui.c:253:20: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). TXT_GotoXY(x + strlen(s), y); data/chocolate-doom-3.0.1/textscreen/txt_inputbox.c:205:34: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). end = inputbox->buffer + strlen(inputbox->buffer); data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:914:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dest, src, dest_len - 1); data/chocolate-doom-3.0.1/textscreen/txt_sdl.c:921:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). offset = strlen(dest); data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:56:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return strlen(buf); data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:210:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). && strlen(spincontrol->buffer) < spincontrol->buffer_len - 2) data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:212:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
spincontrol->buffer[strlen(spincontrol->buffer) + 1] = '\0'; data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:213:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spincontrol->buffer[strlen(spincontrol->buffer)] = key; data/chocolate-doom-3.0.1/textscreen/txt_spinctrl.c:221:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). spincontrol->buffer[strlen(spincontrol->buffer) - 1] = '\0'; data/chocolate-doom-3.0.1/textscreen/txt_window.c:530:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cmd_len = strlen(url) + 30;

ANALYSIS SUMMARY:

Hits = 828
Lines analyzed = 302414 in approximately 5.44 seconds (55590 lines/second)
Physical Source Lines of Code (SLOC) = 210722
Hits@level = [0] 440 [1] 157 [2] 617 [3] 24 [4] 29 [5] 1
Hits@level+ = [0+] 1268 [1+] 828 [2+] 671 [3+] 54 [4+] 30 [5+] 1
Hits/KSLOC@level+ = [0+] 6.01741 [1+] 3.92935 [2+] 3.18429 [3+] 0.256262 [4+] 0.142368 [5+] 0.00474559
Dot directories skipped = 2 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.