Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/include/cfnewspaper.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/include/cfnewspaper_proto.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfanim/include/cfanim.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfanim/include/cfanim_proto.h
Examining data/crossfire-1.71.0+dfsg1/plugins/common/include/hashtable.h
Examining data/crossfire-1.71.0+dfsg1/plugins/common/include/plugin_common.h
Examining data/crossfire-1.71.0+dfsg1/plugins/common/plugin_common.c
Examining data/crossfire-1.71.0+dfsg1/plugins/common/hashtable.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cflogger/include/cflogger_proto.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cflogger/include/cflogger.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfrhg/include/cfrhg.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfrhg/include/cfrhg_proto.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfrhg/cfrhg.c
Examining data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c
Examining data/crossfire-1.71.0+dfsg1/plugins/template/include/plugin_template.h
Examining data/crossfire-1.71.0+dfsg1/plugins/citylife/include/citylife.h
Examining data/crossfire-1.71.0+dfsg1/plugins/citylife/include/citylife_proto.h
Examining data/crossfire-1.71.0+dfsg1/plugins/citylife/citylife.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_archetype.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython_archetype.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython_map.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython_object.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython_region.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython_proto.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython_party.h
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_map.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_party.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/cjson.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c
Examining data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_region.c
Examining data/crossfire-1.71.0+dfsg1/common/recipe.c
Examining data/crossfire-1.71.0+dfsg1/common/utils.c
Examining data/crossfire-1.71.0+dfsg1/common/los.c
Examining data/crossfire-1.71.0+dfsg1/common/player.c
Examining data/crossfire-1.71.0+dfsg1/common/region.c
Examining data/crossfire-1.71.0+dfsg1/common/init.c
Examining data/crossfire-1.71.0+dfsg1/common/button.c
Examining data/crossfire-1.71.0+dfsg1/common/links.c
Examining data/crossfire-1.71.0+dfsg1/common/item.c
Examining data/crossfire-1.71.0+dfsg1/common/living.c
Examining data/crossfire-1.71.0+dfsg1/common/time.c
Examining data/crossfire-1.71.0+dfsg1/common/exp.c
Examining data/crossfire-1.71.0+dfsg1/common/map.c
Examining data/crossfire-1.71.0+dfsg1/common/re-cmp.c
Examining data/crossfire-1.71.0+dfsg1/common/path.c
Examining data/crossfire-1.71.0+dfsg1/common/holy.c
Examining data/crossfire-1.71.0+dfsg1/common/treasure.c
Examining data/crossfire-1.71.0+dfsg1/common/arch.c
Examining data/crossfire-1.71.0+dfsg1/common/shstr.c
Examining data/crossfire-1.71.0+dfsg1/common/ob_types.c
Examining data/crossfire-1.71.0+dfsg1/common/glue.c
Examining data/crossfire-1.71.0+dfsg1/common/languages.c
Examining data/crossfire-1.71.0+dfsg1/common/friend.c
Examining data/crossfire-1.71.0+dfsg1/common/ob_methods.c
Examining data/crossfire-1.71.0+dfsg1/common/stringbuffer.c
Examining data/crossfire-1.71.0+dfsg1/common/porting.c
Examining data/crossfire-1.71.0+dfsg1/common/info.c
Examining data/crossfire-1.71.0+dfsg1/common/image.c
Examining data/crossfire-1.71.0+dfsg1/common/logger.c
Examining data/crossfire-1.71.0+dfsg1/common/dialog.c
Examining data/crossfire-1.71.0+dfsg1/common/artifact.c
Examining data/crossfire-1.71.0+dfsg1/common/anim.c
Examining data/crossfire-1.71.0+dfsg1/common/object.c
Examining data/crossfire-1.71.0+dfsg1/common/readable.c
Examining data/crossfire-1.71.0+dfsg1/include/shared/newclient.h
Examining data/crossfire-1.71.0+dfsg1/include/account_char.h
Examining data/crossfire-1.71.0+dfsg1/include/recipe.h
Examining data/crossfire-1.71.0+dfsg1/include/metaserver2.h
Examining data/crossfire-1.71.0+dfsg1/include/global.h
Examining data/crossfire-1.71.0+dfsg1/include/includes.h
Examining data/crossfire-1.71.0+dfsg1/include/loader.h
Examining data/crossfire-1.71.0+dfsg1/include/tod.h
Examining data/crossfire-1.71.0+dfsg1/include/newserver.h
Examining data/crossfire-1.71.0+dfsg1/include/sounds.h
Examining data/crossfire-1.71.0+dfsg1/include/path.h
Examining data/crossfire-1.71.0+dfsg1/include/timers.h
Examining data/crossfire-1.71.0+dfsg1/include/define.h
Examining data/crossfire-1.71.0+dfsg1/include/player.h
Examining data/crossfire-1.71.0+dfsg1/include/logger.h
Examining data/crossfire-1.71.0+dfsg1/include/plugin.h
Examining data/crossfire-1.71.0+dfsg1/include/book.h
Examining data/crossfire-1.71.0+dfsg1/include/race.h
Examining data/crossfire-1.71.0+dfsg1/include/attack.h
Examining data/crossfire-1.71.0+dfsg1/include/party.h
Examining data/crossfire-1.71.0+dfsg1/include/skills.h
Examining data/crossfire-1.71.0+dfsg1/include/treasure.h
Examining data/crossfire-1.71.0+dfsg1/include/win32.h
Examining data/crossfire-1.71.0+dfsg1/include/libproto.h
Examining data/crossfire-1.71.0+dfsg1/include/typesproto.h
Examining data/crossfire-1.71.0+dfsg1/include/stringbuffer.h
Examining data/crossfire-1.71.0+dfsg1/include/xdir.h
Examining data/crossfire-1.71.0+dfsg1/include/shstr.h
Examining data/crossfire-1.71.0+dfsg1/include/plugproto.h
Examining data/crossfire-1.71.0+dfsg1/include/dialog.h
Examining data/crossfire-1.71.0+dfsg1/include/map.h
Examining data/crossfire-1.71.0+dfsg1/include/spellist.h
Examining data/crossfire-1.71.0+dfsg1/include/material.h
Examining data/crossfire-1.71.0+dfsg1/include/config.h
Examining data/crossfire-1.71.0+dfsg1/include/face.h
Examining data/crossfire-1.71.0+dfsg1/include/god.h
Examining data/crossfire-1.71.0+dfsg1/include/sockproto.h
Examining data/crossfire-1.71.0+dfsg1/include/re-cmp.h
Examining data/crossfire-1.71.0+dfsg1/include/sproto.h
Examining data/crossfire-1.71.0+dfsg1/include/version.h
Examining data/crossfire-1.71.0+dfsg1/include/image.h
Examining data/crossfire-1.71.0+dfsg1/include/commands.h
Examining data/crossfire-1.71.0+dfsg1/include/ob_methods.h
Examining data/crossfire-1.71.0+dfsg1/include/ob_types.h
Examining data/crossfire-1.71.0+dfsg1/include/object.h
Examining data/crossfire-1.71.0+dfsg1/include/living.h
Examining data/crossfire-1.71.0+dfsg1/include/spells.h
Examining data/crossfire-1.71.0+dfsg1/include/artifact.h
Examining data/crossfire-1.71.0+dfsg1/utils/bwp.c
Examining data/crossfire-1.71.0+dfsg1/utils/mapper.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/door.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/room_gen.h
Examining data/crossfire-1.71.0+dfsg1/random_maps/square_spiral.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/random_map.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/rproto.h
Examining data/crossfire-1.71.0+dfsg1/random_maps/decor.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/random_map.h
Examining data/crossfire-1.71.0+dfsg1/random_maps/exit.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/room_gen_spiral.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/main.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/treasure.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/maze_gen.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/rogue_layout.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/wall.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/special.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/monster.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/floor.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/expand2x.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/snake.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/room_gen_onion.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/style.c
Examining data/crossfire-1.71.0+dfsg1/random_maps/expand2x.h
Examining data/crossfire-1.71.0+dfsg1/random_maps/maze_gen.h
Examining data/crossfire-1.71.0+dfsg1/test/include/toolkit_server.h
Examining data/crossfire-1.71.0+dfsg1/test/include/toolkit_socket.h
Examining data/crossfire-1.71.0+dfsg1/test/include/toolkit_crossedit.h
Examining data/crossfire-1.71.0+dfsg1/test/include/toolkit_common.h
Examining data/crossfire-1.71.0+dfsg1/test/include/toolkit_random_maps.h
Examining data/crossfire-1.71.0+dfsg1/test/toolkit/toolkit_crossedit.c
Examining data/crossfire-1.71.0+dfsg1/test/toolkit/toolkit_server.c
Examining data/crossfire-1.71.0+dfsg1/test/toolkit/toolkit_common.c
Examining data/crossfire-1.71.0+dfsg1/test/toolkit/toolkit_random_maps.c
Examining data/crossfire-1.71.0+dfsg1/test/toolkit/toolkit_map.c
Examining data/crossfire-1.71.0+dfsg1/test/toolkit/toolkit_socket.c
Examining data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_free_objects.c
Examining data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_weight_reduction.c
Examining data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c
Examining data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_2879249.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_shstr.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_arch.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_links.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_image.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_path.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_porting.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_glue.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_logger.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_info.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_los.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_utils.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_player.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_exp.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/stubs_common.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_holy.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_readable.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_re-cmp.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_init.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_recipe.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_map.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_living.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_region.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_treasure.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_object.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_friend.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_button.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_loader.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_time.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/common/check_anim.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_test.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_maze_gen.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_random_map.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_special.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_standalone.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_room_gen_spiral.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_expand2x.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_exit.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_square_spiral.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/stubs_random.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_reader.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_monster.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_room_gen_onion.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_style.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_rogue_layout.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_floor.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_treasure.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_decor.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_door.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_snake.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/random_maps/check_wall.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_swamp.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_plugins.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_spell_effect.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_login.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_account.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_win32.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_ban.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_object.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_gods.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_disease.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/comet_perf.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_chat.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_timers.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_daemon.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_rune.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_wiz.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_account_char.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_apply.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_misc.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_range.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_move.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_egoitem.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_party.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_player.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_weather.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_resurrection.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_alchemy.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_monster.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_spell_util.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_move.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_pets.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_build_map.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_spell_attack.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_main.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_swap.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_c_new.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_skills.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_init.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_attack.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_shop.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_hiscore.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_commands.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_skill_util.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/server/check_time.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/stubs_socket.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_request.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_lowlevel.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_image.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_metaserver.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_item.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_info.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_init.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_sounds.c
Examining data/crossfire-1.71.0+dfsg1/test/unit/socket/check_loop.c
Examining data/crossfire-1.71.0+dfsg1/make_win32/plugin_python/resource.h
Examining data/crossfire-1.71.0+dfsg1/make_win32/resource.h
Examining data/crossfire-1.71.0+dfsg1/server/c_misc.c
Examining data/crossfire-1.71.0+dfsg1/server/spell_util.c
Examining data/crossfire-1.71.0+dfsg1/server/attack.c
Examining data/crossfire-1.71.0+dfsg1/server/party.c
Examining data/crossfire-1.71.0+dfsg1/server/player.c
Examining data/crossfire-1.71.0+dfsg1/server/init.c
Examining data/crossfire-1.71.0+dfsg1/server/build_map.c
Examining data/crossfire-1.71.0+dfsg1/server/account.c
Examining data/crossfire-1.71.0+dfsg1/server/c_move.c
Examining data/crossfire-1.71.0+dfsg1/server/commands.c
Examining data/crossfire-1.71.0+dfsg1/server/apply.c
Examining data/crossfire-1.71.0+dfsg1/server/move.c
Examining data/crossfire-1.71.0+dfsg1/server/time.c
Examining data/crossfire-1.71.0+dfsg1/server/spell_effect.c
Examining data/crossfire-1.71.0+dfsg1/server/knowledge.c
Examining data/crossfire-1.71.0+dfsg1/server/weather.c
Examining data/crossfire-1.71.0+dfsg1/server/pets.c
Examining data/crossfire-1.71.0+dfsg1/server/skills.c
Examining data/crossfire-1.71.0+dfsg1/server/main.c
Examining data/crossfire-1.71.0+dfsg1/server/disease.c
Examining data/crossfire-1.71.0+dfsg1/server/timers.c
Examining data/crossfire-1.71.0+dfsg1/server/ob_types.c
Examining data/crossfire-1.71.0+dfsg1/server/c_range.c
Examining data/crossfire-1.71.0+dfsg1/server/hiscore.c
Examining data/crossfire-1.71.0+dfsg1/server/ob_methods.c
Examining data/crossfire-1.71.0+dfsg1/server/win32.c
Examining data/crossfire-1.71.0+dfsg1/server/swap.c
Examining data/crossfire-1.71.0+dfsg1/server/c_wiz.c
Examining data/crossfire-1.71.0+dfsg1/server/c_party.c
Examining data/crossfire-1.71.0+dfsg1/server/spell_attack.c
Examining data/crossfire-1.71.0+dfsg1/server/server.c
Examining data/crossfire-1.71.0+dfsg1/server/c_object.c
Examining data/crossfire-1.71.0+dfsg1/server/monster.c
Examining data/crossfire-1.71.0+dfsg1/server/gods.c
Examining data/crossfire-1.71.0+dfsg1/server/daemon.c
Examining data/crossfire-1.71.0+dfsg1/server/account_char.c
Examining data/crossfire-1.71.0+dfsg1/server/skill_util.c
Examining data/crossfire-1.71.0+dfsg1/server/login.c
Examining data/crossfire-1.71.0+dfsg1/server/rune.c
Examining data/crossfire-1.71.0+dfsg1/server/resurrection.c
Examining data/crossfire-1.71.0+dfsg1/server/ban.c
Examining data/crossfire-1.71.0+dfsg1/server/quest.c
Examining data/crossfire-1.71.0+dfsg1/server/shop.c
Examining data/crossfire-1.71.0+dfsg1/server/plugins.c
Examining data/crossfire-1.71.0+dfsg1/server/alchemy.c
Examining data/crossfire-1.71.0+dfsg1/server/c_new.c
Examining data/crossfire-1.71.0+dfsg1/server/c_chat.c
Examining data/crossfire-1.71.0+dfsg1/socket/loop.c
Examining data/crossfire-1.71.0+dfsg1/socket/init.c
Examining data/crossfire-1.71.0+dfsg1/socket/item.c
Examining data/crossfire-1.71.0+dfsg1/socket/metaserver.c
Examining data/crossfire-1.71.0+dfsg1/socket/info.c
Examining data/crossfire-1.71.0+dfsg1/socket/lowlevel.c
Examining data/crossfire-1.71.0+dfsg1/socket/requestinfo.c
Examining data/crossfire-1.71.0+dfsg1/socket/request.c
Examining data/crossfire-1.71.0+dfsg1/socket/image.c
Examining data/crossfire-1.71.0+dfsg1/socket/sounds.c
Examining data/crossfire-1.71.0+dfsg1/types/peacemaker/peacemaker.c
Examining data/crossfire-1.71.0+dfsg1/types/trigger_altar/trigger_altar.c
Examining data/crossfire-1.71.0+dfsg1/types/identify_altar/identify_altar.c
Examining data/crossfire-1.71.0+dfsg1/types/blindness/blindness.c
Examining data/crossfire-1.71.0+dfsg1/types/player_changer/player_changer.c
Examining data/crossfire-1.71.0+dfsg1/types/spellbook/spellbook.c
Examining data/crossfire-1.71.0+dfsg1/types/lighter/lighter.c
Examining data/crossfire-1.71.0+dfsg1/types/exit/exit.c
Examining data/crossfire-1.71.0+dfsg1/types/detector/detector.c
Examining data/crossfire-1.71.0+dfsg1/types/common/common_apply.c
Examining data/crossfire-1.71.0+dfsg1/types/common/describe.c
Examining data/crossfire-1.71.0+dfsg1/types/common/projectile.c
Examining data/crossfire-1.71.0+dfsg1/types/legacy/process.c
Examining data/crossfire-1.71.0+dfsg1/types/legacy/apply.c
Examining data/crossfire-1.71.0+dfsg1/types/legacy/legacy_describe.c
Examining data/crossfire-1.71.0+dfsg1/types/cf_handle/cf_handle.c
Examining data/crossfire-1.71.0+dfsg1/types/potion/potion.c
Examining data/crossfire-1.71.0+dfsg1/types/scroll/scroll.c
Examining data/crossfire-1.71.0+dfsg1/types/hole/hole.c
Examining data/crossfire-1.71.0+dfsg1/types/director/director.c
Examining data/crossfire-1.71.0+dfsg1/types/gate/gate.c
Examining data/crossfire-1.71.0+dfsg1/types/trap/rune.c
Examining data/crossfire-1.71.0+dfsg1/types/trap/trap.c
Examining data/crossfire-1.71.0+dfsg1/types/trap/common_trap.c
Examining data/crossfire-1.71.0+dfsg1/types/marker/marker.c
Examining data/crossfire-1.71.0+dfsg1/types/trigger_pedestal/trigger_pedestal.c
Examining data/crossfire-1.71.0+dfsg1/types/savebed/savebed.c
Examining data/crossfire-1.71.0+dfsg1/types/shop_mat/shop_mat.c
Examining data/crossfire-1.71.0+dfsg1/types/trapdoor/trapdoor.c
Examining data/crossfire-1.71.0+dfsg1/types/skillscroll/skillscroll.c
Examining data/crossfire-1.71.0+dfsg1/types/container/container.c
Examining data/crossfire-1.71.0+dfsg1/types/poisoning/poisoning.c
Examining data/crossfire-1.71.0+dfsg1/types/trigger_button/trigger_button.c
Examining data/crossfire-1.71.0+dfsg1/types/food/food.c
Examining data/crossfire-1.71.0+dfsg1/types/arrow/arrow.c
Examining data/crossfire-1.71.0+dfsg1/types/armour_improver/armour_improver.c
Examining data/crossfire-1.71.0+dfsg1/types/dragon_focus/dragon_focus.c
Examining data/crossfire-1.71.0+dfsg1/types/poison/poison.c
Examining data/crossfire-1.71.0+dfsg1/types/pedestal/pedestal.c
Examining data/crossfire-1.71.0+dfsg1/types/treasure/treasure.c
Examining data/crossfire-1.71.0+dfsg1/types/duplicator/duplicator.c
Examining data/crossfire-1.71.0+dfsg1/types/lamp/lamp.c
Examining data/crossfire-1.71.0+dfsg1/types/deep_swamp/deep_swamp.c
Examining data/crossfire-1.71.0+dfsg1/types/creator/creator.c
Examining data/crossfire-1.71.0+dfsg1/types/mood_floor/mood_floor.c
Examining data/crossfire-1.71.0+dfsg1/types/teleporter/teleporter.c
Examining data/crossfire-1.71.0+dfsg1/types/player_mover/player_mover.c
Examining data/crossfire-1.71.0+dfsg1/types/book/book.c
Examining data/crossfire-1.71.0+dfsg1/types/check_inv/check_inv.c
Examining data/crossfire-1.71.0+dfsg1/types/thrown_object/thrown_object.c
Examining data/crossfire-1.71.0+dfsg1/types/trigger/trigger.c
Examining data/crossfire-1.71.0+dfsg1/types/spell_effect/spell_effect.c
Examining data/crossfire-1.71.0+dfsg1/types/clock/clock.c
Examining data/crossfire-1.71.0+dfsg1/types/converter/converter.c
Examining data/crossfire-1.71.0+dfsg1/types/button/button.c
Examining data/crossfire-1.71.0+dfsg1/types/weapon_improver/weapon_improver.c
Examining data/crossfire-1.71.0+dfsg1/types/shop_inventory/shop_inventory.c
Examining data/crossfire-1.71.0+dfsg1/types/spinner/spinner.c
Examining data/crossfire-1.71.0+dfsg1/types/power_crystal/power_crystal.c
Examining data/crossfire-1.71.0+dfsg1/types/transport/transport.c
Examining data/crossfire-1.71.0+dfsg1/types/altar/altar.c
Examining data/crossfire-1.71.0+dfsg1/types/sign/sign.c

FINAL RESULTS:

data/crossfire-1.71.0+dfsg1/common/map.c:1563:13:  [5] (race) chmod:
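  This accepts filename arguments; if an attacker can move those files, a
  race condition results (CWE-362). Use fchmod() on an open file descriptor
  instead, so the mode change applies to the file that was opened rather
  than to whatever the path names at that moment.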
            chmod(final_unique, SAVE_MODE);
data/crossfire-1.71.0+dfsg1/common/map.c:1586:5:  [5] (race) chmod:
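  This accepts filename arguments; if an attacker can move those files, a
  race condition results (CWE-362). Use fchmod() on an open file descriptor
  instead, so the mode change applies to the file that was opened rather
  than to whatever the path names at that moment.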
    chmod(final, SAVE_MODE);
data/crossfire-1.71.0+dfsg1/common/readable.c:2176:5:  [5] (race) chmod:
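  This accepts filename arguments; if an attacker can move those files, a
  race condition results (CWE-362). Use fchmod() on an open file descriptor
  instead, so the mode change applies to the file that was opened rather
  than to whatever the path names at that moment.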
    chmod(fname, SAVE_MODE);
data/crossfire-1.71.0+dfsg1/server/login.c:415:5:  [5] (race) chmod:
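  This accepts filename arguments; if an attacker can move those files, a
  race condition results (CWE-362). Use fchmod() on an open file descriptor
  instead, so the mode change applies to the file that was opened rather
  than to whatever the path names at that moment.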
    chmod(filename, SAVE_MODE);
data/crossfire-1.71.0+dfsg1/server/quest.c:1164:9:  [5] (buffer) strncat:
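  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left. In the call below the bound is MAX_BUF - 1 no matter how much of
  prefix is already in use; the bound strncat expects is the space still
  free, i.e. the destination's size minus strlen(prefix) minus 1 for the
  terminator.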
        strncat(prefix, "-", MAX_BUF - 1);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2762:9:  [5] (buffer) strncat:
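  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is high; the length parameter
  appears to be a constant, instead of computing the number of characters
  left. In the call below the bound is sizeof(name), the size of the whole
  destination (assuming name is an array), so it does not shrink as name
  fills up; the space still free is sizeof(name) - strlen(name) - 1.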
        strncat(name, tiled_map_list.maps[map]->filename, sizeof(name));
data/crossfire-1.71.0+dfsg1/common/holy.c:357:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(retbuf, attacks[i]);                        \
data/crossfire-1.71.0+dfsg1/common/holy.c:372:17:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                strcat(retbuf, spellpathnames[i]);                 \
data/crossfire-1.71.0+dfsg1/common/init.c:409:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(first_map_ext_path, at->clone.race);
data/crossfire-1.71.0+dfsg1/common/languages.c:155:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(line, buf);
data/crossfire-1.71.0+dfsg1/common/logger.c:74:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        vsnprintf(buf, sizeof(buf), format, ap);
data/crossfire-1.71.0+dfsg1/common/map.c:1229:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(m->path, filename);
data/crossfire-1.71.0+dfsg1/common/map.c:1369:14:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
        if (!access(firstname, R_OK))
data/crossfire-1.71.0+dfsg1/common/object.c:4490:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(local_name, name);   /* strtok is destructive to name */
data/crossfire-1.71.0+dfsg1/common/porting.c:97:19:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            (void)sprintf(name, "%s/%s%x%u", dir, pfx, (unsigned int)pid, curtmp);
data/crossfire-1.71.0+dfsg1/common/porting.c:100:18:  [4] (race) access:
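  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly. In the line below access() is a loop
  condition that repeats while the name exists, which looks like a search
  for an unused file name; such a name can be taken between the check and
  the later create, and creating the file atomically (mkstemp(), or open()
  with O_CREAT|O_EXCL) closes that window.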
        } while (access(name, F_OK) != -1);
data/crossfire-1.71.0+dfsg1/common/porting.c:222:9:  [4] (shell) popen:
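  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. Note that the flagged line is a macro definition that
  redirects popen to fixed_popen, not a call site; the code to review is
  fixed_popen itself and every caller that reaches it through the macro.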
#define popen fixed_popen
data/crossfire-1.71.0+dfsg1/common/porting.c:263:17:  [4] (shell) execl:
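  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available. In the call below command is handed to /bin/sh -c, so the
  shell interprets the whole string; check that no caller builds command
  from untrusted input.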
                execl("/bin/sh", "sh", "-c", command, NULL);
data/crossfire-1.71.0+dfsg1/common/porting.c:299:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(c, str);
data/crossfire-1.71.0+dfsg1/common/porting.c:484:5:  [4] (format) snprintf:
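  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification. Note that the flagged line is the
  definition of a replacement snprintf rather than a call; the format it
  receives comes from its callers, so those are what need checking.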
int snprintf(char *dest, int max, const char *format, ...) {
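data/crossfire-1.71.0+dfsg1/common/porting.c:489:11:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  Triage note: this call sits five lines below the snprintf() definition
  reported at line 484 and writes to the same `dest`, so it is probably the
  body of that replacement. The excerpt passes no size to vsprintf();
  confirm whether `max` is enforced before the write, because callers that
  rely on this snprintf() for bounding would otherwise get none (CWE-120).
    ret = vsprintf(dest, format, var);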
data/crossfire-1.71.0+dfsg1/common/porting.c:588:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, filename);
data/crossfire-1.71.0+dfsg1/common/readable.c:768:25:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                        strcat(msgbuf, buf);
data/crossfire-1.71.0+dfsg1/common/recipe.c:466:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(part1, name);
data/crossfire-1.71.0+dfsg1/common/recipe.c:468:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(part2, cp+4);
data/crossfire-1.71.0+dfsg1/common/recipe.c:486:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(part1, name);
data/crossfire-1.71.0+dfsg1/common/recipe.c:488:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(part2, cp+3);
data/crossfire-1.71.0+dfsg1/common/region.c:450:21:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                    strcpy(msgbuf+msgpos, key);
data/crossfire-1.71.0+dfsg1/common/shstr.c:111:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(ss->string, str);
data/crossfire-1.71.0+dfsg1/common/stringbuffer.c:115:13:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        n = vsnprintf(sb->buf+sb->pos, size, format, arg);
data/crossfire-1.71.0+dfsg1/common/treasure.c:155:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(cp, "arch %s", variable)) {
data/crossfire-1.71.0+dfsg1/common/treasure.c:160:20:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        } else if (sscanf(cp, "list %s", variable))
data/crossfire-1.71.0+dfsg1/common/treasure.c:162:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        else if (sscanf(cp, "change_name %s", variable))
data/crossfire-1.71.0+dfsg1/common/treasure.c:164:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        else if (sscanf(cp, "change_title %s", variable))
data/crossfire-1.71.0+dfsg1/common/treasure.c:166:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        else if (sscanf(cp, "change_slaying %s", variable))
data/crossfire-1.71.0+dfsg1/common/treasure.c:244:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(buf, "treasureone %s\n", name) || sscanf(buf, "treasure %s\n", name)) {
data/crossfire-1.71.0+dfsg1/common/treasure.c:244:54:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(buf, "treasureone %s\n", name) || sscanf(buf, "treasure %s\n", name)) {
data/crossfire-1.71.0+dfsg1/common/utils.c:404:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(input, tmp);
data/crossfire-1.71.0+dfsg1/common/utils.c:407:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(input, p);
data/crossfire-1.71.0+dfsg1/common/utils.c:409:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(input, tmp);
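data/crossfire-1.71.0+dfsg1/include/global.h:89:54:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  Triage note: the matched token is the word "system" in the text of an
  #error directive, not a call to system(). Flawfinder matches on names, so
  this hit can be closed as a false positive.
#error do not know how to get a 64 bit value on this system.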
data/crossfire-1.71.0+dfsg1/include/win32.h:49:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/crossfire-1.71.0+dfsg1/include/win32.h:49:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define snprintf _snprintf
data/crossfire-1.71.0+dfsg1/include/win32.h:70:9:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
#define popen(__a, __b) _popen(__a, __b)
data/crossfire-1.71.0+dfsg1/include/win32.h:72:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
#define vsnprintf _vsnprintf
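data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:1159:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  Triage note: PLUGIN_NAME is passed as the format argument. If it is a
  macro for a string literal (to be confirmed in the plugin header), the
  format is constant in practice; writing snprintf(buf, size, "%s",
  PLUGIN_NAME) makes that independent of the macro's contents. The same
  pattern recurs below for PLUGIN_VERSION and in the other plugins.
        snprintf(buf, size, PLUGIN_NAME);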
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:1165:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_VERSION);
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:1214:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(message, buf);
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:581:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_NAME);
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:587:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_VERSION);
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:117:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_NAME);
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:125:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_VERSION);
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:215:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buffer, format, args);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:104:5:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    vsnprintf(buf, sizeof(buf), fmt, arg);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:1480:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_NAME);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:1486:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_VERSION);
data/crossfire-1.71.0+dfsg1/plugins/cfrhg/cfrhg.c:271:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_NAME);
data/crossfire-1.71.0+dfsg1/plugins/cfrhg/cfrhg.c:277:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_VERSION);
data/crossfire-1.71.0+dfsg1/plugins/citylife/citylife.c:91:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_NAME);
data/crossfire-1.71.0+dfsg1/plugins/citylife/citylife.c:97:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_VERSION);
data/crossfire-1.71.0+dfsg1/plugins/common/plugin_common.c:1545:5:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
    vsprintf(buf, format, ap);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:102:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_NAME);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:108:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, size, PLUGIN_VERSION);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:188:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:196:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:207:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:214:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:221:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:238:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:245:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:279:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(context->message, buf);
data/crossfire-1.71.0+dfsg1/random_maps/main.c:274:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(logfile, format, ap);
data/crossfire-1.71.0+dfsg1/random_maps/special.c:339:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(hole.wallstyle, RP->wallstyle);
data/crossfire-1.71.0+dfsg1/random_maps/special.c:340:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(hole.floorstyle, RP->floorstyle);
data/crossfire-1.71.0+dfsg1/random_maps/special.c:341:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(hole.monsterstyle, mon);
data/crossfire-1.71.0+dfsg1/random_maps/special.c:343:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(hole.layoutstyle, style);
data/crossfire-1.71.0+dfsg1/random_maps/special.c:344:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(hole.decorstyle, decor);
data/crossfire-1.71.0+dfsg1/random_maps/special.c:346:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(hole.exitstyle, RP->exitstyle);
data/crossfire-1.71.0+dfsg1/server/alchemy.c:257:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name, tmp->name);
data/crossfire-1.71.0+dfsg1/server/c_chat.c:355:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pl->last_tell, op->name);
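data/crossfire-1.71.0+dfsg1/server/c_chat.c:649:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
  Triage note: the format comes from the single_emotes table, indexed by
  emotion - 1; op->name is an argument here, not the format. This hit and
  the self_emotes / other_emotes hits that follow are safe only if the
  tables are fixed at compile time, the index is range-checked before use,
  and every entry has exactly as many conversions as arguments passed.
            snprintf(buf2, sizeof(buf2), single_emotes[emotion - 1][1], op->name);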
data/crossfire-1.71.0+dfsg1/server/c_chat.c:675:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(buf2, sizeof(buf2), self_emotes[emotion - 1][1], op->name);
data/crossfire-1.71.0+dfsg1/server/c_chat.c:689:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, sizeof(buf), other_emotes[emotion - 1][0], pl->ob->name);
data/crossfire-1.71.0+dfsg1/server/c_chat.c:690:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf2, sizeof(buf2), other_emotes[emotion - 1][1], op->name);
data/crossfire-1.71.0+dfsg1/server/c_chat.c:691:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf3, sizeof(buf3), other_emotes[emotion - 1][2], op->name, pl->ob->name);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:60:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(map_path, m->path);
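data/crossfire-1.71.0+dfsg1/server/c_misc.c:62:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  Triage note: the source pointer is computed as the end of m->path minus
  18, which is valid only when the path is at least 18 characters long. The
  full copy at line 60 suggests a length test selects between the two;
  confirm that test and that map_path holds 18 characters plus the
  terminator.
            strcpy(map_path, m->path+strlen(m->path)-18);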
data/crossfire-1.71.0+dfsg1/server/c_misc.c:511:13:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
            sprintf(chars[num_players-1].namebuf, "%s", pl->ob->name);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:585:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(outbuf, tmpbuf);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:590:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(outbuf, tmpbuf);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1047:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, i18n(pl, "[fixed]  Experience: %"));
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1048:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buf, FMT64);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1052:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, i18n(pl, "[fixed]  Next Level: %"));
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1053:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(buf, FMT64);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1145:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(t, entry->d_name);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1256:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(buf, types[i]);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1580:13:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
            strcat(line, strtok(de->d_name, "."));
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1629:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(line, ap[i].name);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1940:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(op->contr->new_password, crypt_string(op->contr->write_buf+1, NULL));
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1959:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(op->contr->password, crypt_string(op->contr->write_buf+1, NULL));
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1994:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, sizeof(buf), i18n(op, "Your title is '%s'."), tmp);
data/crossfire-1.71.0+dfsg1/server/c_object.c:1583:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
        snprintf(buf, sizeof(buf), tmp->nrof > 1 ? "They weigh %3.3f kg." : "It weighs %3.3f kg.", tmp->weight*((float)(tmp->nrof ? tmp->nrof : 1)/1000.0));
data/crossfire-1.71.0+dfsg1/server/c_object.c:1993:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(op->contr->search_str, params);
data/crossfire-1.71.0+dfsg1/server/c_party.c:78:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(party_params, params);
data/crossfire-1.71.0+dfsg1/server/c_range.c:131:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(tmp, spell_sort[i]);
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1032:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(spell_name, cp);
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1403:18:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        else if (sscanf(params, "%s", buf))
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1584:14:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    || ((q = sscanf(params, "%s %d %[^\r\n]", buf, &i, skill)) < 2)) {
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1727:8:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
    || sscanf(params, "%s %s %d", thing, thing2, &iii) != 3
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2014:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(line_buf, "%[^:]:%[^:]:%s\n", name, passwd, host) != 3) {
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2342:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, LIBDIR);
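data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2344:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
  Triage note: with the strcpy(buf, LIBDIR) at line 2342, this builds a
  string from a compile-time prefix plus the command parameter. Besides
  bounding the combined length, check whether buf is then used as a file
  name; if it is, params also needs validation against path components such
  as ".." that would leave LIBDIR.
    strcat(buf, params);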
data/crossfire-1.71.0+dfsg1/server/gods.c:929:13:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
            snprintf(buf, sizeof(buf), "%"FMT64, skillop->stats.exp);
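data/crossfire-1.71.0+dfsg1/server/hiscore.c:129:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
  Triage note: the format shown contains no %s; it is "%" followed by the
  FMT64 macro, presumably an integer length modifier and conversion (confirm
  its definition). The buffer-overflow wording does not apply in that case.
  The return value of sscanf() is discarded on this line, so a failed parse
  would leave sc->exp with its previous value.
    sscanf(tmp[2], "%"FMT64, &sc->exp);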
data/crossfire-1.71.0+dfsg1/server/init.c:588:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(settings.meta_server, cp);
data/crossfire-1.71.0+dfsg1/server/init.c:593:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(settings.motd, cp);
data/crossfire-1.71.0+dfsg1/server/init.c:598:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(settings.dm_mail, cp);
data/crossfire-1.71.0+dfsg1/server/init.c:603:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(settings.meta_host, cp);
data/crossfire-1.71.0+dfsg1/server/init.c:616:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(settings.meta_comment, cp);
data/crossfire-1.71.0+dfsg1/server/init.c:740:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(settings.who_format, cp);
data/crossfire-1.71.0+dfsg1/server/init.c:743:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(settings.who_wiz_format, cp);
data/crossfire-1.71.0+dfsg1/server/init.c:1243:5:  [4] (shell) execl:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
    execl("/bin/uname", "uname", "-a", NULL);
data/crossfire-1.71.0+dfsg1/server/init.c:1436:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(cp, "RACE %s", variable)) { /* set new race value */
data/crossfire-1.71.0+dfsg1/server/init.c:1437:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(race, variable);
data/crossfire-1.71.0+dfsg1/server/login.c:56:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(pl->maplevel, first_map_path);
data/crossfire-1.71.0+dfsg1/server/login.c:503:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pl->maplevel, first_map_path);
data/crossfire-1.71.0+dfsg1/server/login.c:558:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(bufall, "password %s\n", buf)) {
data/crossfire-1.71.0+dfsg1/server/login.c:596:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pl->savebed_map, first_map_path);
data/crossfire-1.71.0+dfsg1/server/login.c:605:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        sscanf(bufall, "%s %d\n", buf, &value);
data/crossfire-1.71.0+dfsg1/server/login.c:757:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pl->maplevel, pl->savebed_map);
data/crossfire-1.71.0+dfsg1/server/login.c:768:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(pl->maplevel, pl->savebed_map);
data/crossfire-1.71.0+dfsg1/server/pets.c:847:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(buf, god->race);
data/crossfire-1.71.0+dfsg1/server/pets.c:857:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(buf, god->race);
data/crossfire-1.71.0+dfsg1/server/player.c:218:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(subject, buf+1);
data/crossfire-1.71.0+dfsg1/server/player.c:333:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(p->savebed_map, first_map_path);  /* Init. respawn position */
data/crossfire-1.71.0+dfsg1/server/player.c:394:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(op->contr->maplevel, first_map_path);
data/crossfire-1.71.0+dfsg1/server/player.c:1759:29:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                            strcat(putstring, tmpstr);
data/crossfire-1.71.0+dfsg1/server/player.c:3801:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(op->contr->maplevel, settings.emergency_mapname);
data/crossfire-1.71.0+dfsg1/server/player.c:4357:21:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
                    strcat(buf, spellpathnames[i]);
data/crossfire-1.71.0+dfsg1/server/quest.c:206:17:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
            if (sscanf(read, "%s %d-%d\n", namedquest, &minstep, &maxstep)!=3) {
data/crossfire-1.71.0+dfsg1/server/quest.c:207:21:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
                if (sscanf(read, "%s <=%d\n", namedquest, &maxstep)== 2) {
data/crossfire-1.71.0+dfsg1/server/quest.c:210:28:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
                } else if (sscanf(read, "%s %d\n", namedquest, &minstep)==2) {
data/crossfire-1.71.0+dfsg1/server/quest.c:214:25:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
                    if (sscanf(read, "%s finished\n", namedquest)==1) {
data/crossfire-1.71.0+dfsg1/server/quest.c:376:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(read, "include %s\n", includefile)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:490:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        if (sscanf(read, "quest %s\n", data)) {
data/crossfire-1.71.0+dfsg1/server/resurrection.c:87:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newname, path);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:90:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(oldname, newname);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:100:10:  [4] (race) access:
  This usually indicates a security flaw. If an attacker can change anything
  along the path between the call to access() and the file's actual use
  (e.g., by moving files), the attacker can exploit the race condition
  (CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
  and try to open the file directly.
    if (!access(newname, 0)) {
data/crossfire-1.71.0+dfsg1/server/resurrection.c:119:9:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        sscanf(buf, "%s", buf2);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:121:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
            sscanf(buf, "%s %"FMT64, buf2, &exp);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:128:13:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
            sscanf(buf, "%s %d", buf2, &Con);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:190:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name_to_resurrect, arg);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:217:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(name_to_resurrect, temp->name);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:222:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            if (corpse_account) strcpy(corpse_account, temp->slaying);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:294:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filename, path);
data/crossfire-1.71.0+dfsg1/server/resurrection.c:296:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(newname, filename);
data/crossfire-1.71.0+dfsg1/server/server.c:123:20:  [4] (crypto) crypt:
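  The crypt functions use a poor one-way hashing algorithm; since they only
  accept passwords of 8 characters or fewer and only a two-byte salt, they
  are excessively vulnerable to dictionary attacks given today's faster
  computing equipment (CWE-327). Use a different algorithm, such as SHA-256,
  with a larger, non-repeating salt. These limits describe the traditional
  DES-based scheme; which scheme crypt() applies depends on the salt string
  and the platform's libc, so check what salt is passed here. For stored
  passwords prefer a deliberately slow, salted construction (bcrypt, scrypt,
  Argon2, PBKDF2) over a single pass of a fast hash.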
    return (char *)crypt(str, s);
data/crossfire-1.71.0+dfsg1/server/server.c:171:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(op->contr->savebed_map, settings.emergency_mapname);
data/crossfire-1.71.0+dfsg1/server/server.c:260:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(op->contr->maplevel, newmap->path);
data/crossfire-1.71.0+dfsg1/server/server.c:408:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(rp.origin_map, pl->map->path);
data/crossfire-1.71.0+dfsg1/server/server.c:594:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(rp.origin_map, pl->map->path);
data/crossfire-1.71.0+dfsg1/server/server.c:1316:20:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
        } else if (sscanf(buf, "%s %d%*c%d\n", day, &start, &stop) != 3) {
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:1445:9:  [4] (format) snprintf:
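  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification. Here the format argument is the
  object field spell_ob->race, not a literal, so the risk depends on where
  that field's value is loaded from; that source needs review.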
        snprintf(buf1, sizeof(buf1), spell_ob->race, dir);
data/crossfire-1.71.0+dfsg1/server/swap.c:93:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(map->path, tmp[0]);
data/crossfire-1.71.0+dfsg1/server/win32.c:76:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filespec, dir);
data/crossfire-1.71.0+dfsg1/server/win32.c:167:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(filespec, dir_Info->dir);
data/crossfire-1.71.0+dfsg1/socket/info.c:134:5:  [4] (format) vsnprintf:
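  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification. The format here is a variable
  passed along with a va_list, which suggests a printf-style wrapper; if so,
  the check that matters is that every caller supplies a literal format,
  which GCC and Clang can check via __attribute__((format(printf, ...))) on
  the wrapper's declaration.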
    vsnprintf(buf, HUGE_BUF, format, ap);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:198:9:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited,
  and note that sprintf variations do not always \0-terminate (CWE-134). Use
  a constant for the format specification.
    n = vsnprintf((char *)sl->buf+sl->len, size, format, arg);
data/crossfire-1.71.0+dfsg1/socket/request.c:2713:5:  [4] (buffer) strcpy:
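  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). The source here is the return value of crypt_string(),
  which presumably wraps the crypt() call reported at server.c:123; if so,
  its length follows the hash scheme rather than the submitted password, so
  pl->password must be sized for the longest scheme in use, and because
  crypt() can return NULL on failure the result should be checked before
  the copy.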
    strcpy(pl->password, crypt_string(password, NULL));
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:78:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(rp.origin_map, map->path);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_shstr.c:66:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(temp, str1);
data/crossfire-1.71.0+dfsg1/test/unit/common/stubs_common.c:20:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(logfile, format, ap);
data/crossfire-1.71.0+dfsg1/test/unit/server/check_account_char.c:90:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(path,"%s/account", settings.localdir);
data/crossfire-1.71.0+dfsg1/types/food/food.c:193:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(who->contr->killer, food->name);
data/crossfire-1.71.0+dfsg1/types/player_changer/player_changer.c:82:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(player->contr->savebed_map, EXIT_PATH(op));
data/crossfire-1.71.0+dfsg1/types/savebed/savebed.c:88:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(pl->contr->savebed_map, pl->map->path);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:116:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(source, add);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:229:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(current_result, values[var]);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:235:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(current_result, template);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:408:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
    sprintf(image_list_path, "%s/image_list", wikidir);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:487:23:  [4] (format) fprintf:
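  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification. When the string is
  only meant to be written out, as in a call with no further arguments like
  this one, fprintf(fp, "%s", template) or fputs(template, fp) removes the
  issue, unless the text relies on %% escapes.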
                res = fprintf(fp, template);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:567:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(rowtext, "%s %i", attacktype_desc[j], at->clone.resist[j]);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:570:25:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                        sprintf(rowtext, "%s +%i", attacktype_desc[j], at->clone.resist[j]);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:663:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(buf[keycount], "{{http://aaron.baugher.biz/images/cf/%s.png}}", at->clone.face->name);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:665:17:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf.
                sprintf(buf[keycount], "%s.png\n", at->clone.face->name);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:666:17:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
                fprintf(image_list, buf[keycount]);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:674:13:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
            fprintf(fp, template);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:802:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(logfile, format, ap);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:907:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(source, add);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1020:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(current_result, values[var]);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1026:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(current_result, template);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1050:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(result, to+1);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1068:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(result, to);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1347:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(description, next);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1352:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(name, start);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1379:17:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                strcpy(description, next);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1384:13:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
            strcpy(name, start);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1996:29:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
                            strcpy(ep, EXIT_PATH(item));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2184:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(index_path, dest);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2220:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(maphtml, mappath);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2274:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(html, reg->reg->name);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2279:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(html, root);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2281:5:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
    strcat(html, reg->reg->name);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2316:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(index_path, root);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2357:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(file, root);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2397:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(file, root);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2557:9:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
        strcpy(regionname, get_region_longname(map->cfregion));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2559:9:  [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused).
        strcat(exit_path, map->cfregion->name);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3629:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
    strcpy(dummy, root);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3934:5:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
    vfprintf(logfile, format, ap);
data/crossfire-1.71.0+dfsg1/common/init.c:230:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_LIBDIR");
data/crossfire-1.71.0+dfsg1/common/init.c:233:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_LOCALDIR");
data/crossfire-1.71.0+dfsg1/common/init.c:236:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_PLAYERDIR");
data/crossfire-1.71.0+dfsg1/common/init.c:239:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_MAPDIR");
data/crossfire-1.71.0+dfsg1/common/init.c:242:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_ARCHETYPES");
data/crossfire-1.71.0+dfsg1/common/init.c:245:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_TREASURES");
data/crossfire-1.71.0+dfsg1/common/init.c:248:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_UNIQUEDIR");
data/crossfire-1.71.0+dfsg1/common/init.c:251:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_TEMPLATEDIR");
data/crossfire-1.71.0+dfsg1/common/init.c:254:10:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker. They can have any content and length, and the same variable can
  be set more than once (CWE-807, CWE-20). Check environment variables
  carefully before using them.
    cp = getenv("CROSSFIRE_TMPDIR");
data/crossfire-1.71.0+dfsg1/include/define.h:914:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define RANDOM() random()
data/crossfire-1.71.0+dfsg1/include/define.h:915:22:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#define SRANDOM(xyz) srandom(xyz)
data/crossfire-1.71.0+dfsg1/include/define.h:918:20:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#  define RANDOM() lrand48()
data/crossfire-1.71.0+dfsg1/include/define.h:923:28:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
#      define SRANDOM(xyz) srand(xyz)
data/crossfire-1.71.0+dfsg1/include/plugin.h:159:31:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
#define plugins_dlopen(fname) LoadLibrary(fname)
data/crossfire-1.71.0+dfsg1/random_maps/main.c:128:20:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows
  (CWE-120, CWE-20). Check implementation on installation, or limit the size
  of all string inputs.
    while ((flag = getopt(argc, argv, "g:htx:y:")) != -1) {
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:50:16:  [3] (random) random:
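  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  Triage note: the token matched on the quoted line is a local variable named
  `random` (a mapstruct pointer), not a call to random(). The remaining
  (random) hits in check_1727944.c (lines 108-132) match a variable of the
  same name, so none of them involves a pseudo-random number generator.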
    mapstruct *random;
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:108:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    mapstruct *random;
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:122:16:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
        while (random != NULL) {
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:123:37:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            random = get_random_map(random);
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:124:18:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            if (!random)
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:128:19:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            old = random;
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:130:39:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
            for (x = 0; x < MAP_WIDTH(random); x++) {
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:131:44:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                for (y = 0; y < MAP_HEIGHT(random); y++) {
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:132:45:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
                    for (check = GET_MAP_OB(random, x, y); check; check = check->above) {
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:183:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    srand(100);
data/crossfire-1.71.0+dfsg1/common/anim.c:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/anim.c:65:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/anim.c:104:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            if (!(animations[num_animations].facings = atoi(buf+7))) {
data/crossfire-1.71.0+dfsg1/common/anim.c:290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/arch.c:160:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/arch.c:414:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *variable = buf, *argument, *cp;
data/crossfire-1.71.0+dfsg1/common/arch.c:534:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/arch.c:541:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/arch.c:625:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/artifact.c:200:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char new_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/artifact.c:255:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/artifact.c:480:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], buf[HUGE_BUF], *cp, *next;
data/crossfire-1.71.0+dfsg1/common/artifact.c:498:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/button.c:287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/exp.c:169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/common/exp.c:176:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/exp.c:199:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            settings.max_level = atoi(cp+9);
data/crossfire-1.71.0+dfsg1/common/holy.c:136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char temp[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/holy.c:193:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmpbuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/holy.c:350:9:  [2] (buffer) strcat:
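  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  Triage note: a constant source only bounds how many bytes each call
  appends. The quoted line is part of a macro body (trailing backslash) that
  appends to retbuf more than once, so the space left in retbuf still has to
  be checked; the size of retbuf is not visible in this report.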
        strcat(retbuf, "(" name ": ");                             \
data/crossfire-1.71.0+dfsg1/common/holy.c:354:21:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                    strcat(retbuf, ", ");                          \
data/crossfire-1.71.0+dfsg1/common/holy.c:365:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(retbuf, "(" name ": ");                             \
data/crossfire-1.71.0+dfsg1/common/holy.c:369:21:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
                    strcat(retbuf, ", ");                          \
data/crossfire-1.71.0+dfsg1/common/holy.c:389:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmpbuf[HUGE_BUF], *final;
data/crossfire-1.71.0+dfsg1/common/holy.c:413:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(tmpbuf, "\n  ");
data/crossfire-1.71.0+dfsg1/common/holy.c:416:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(tmpbuf, "\n aura:");
data/crossfire-1.71.0+dfsg1/common/holy.c:418:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(tmpbuf, "\n paths:");
data/crossfire-1.71.0+dfsg1/common/holy.c:420:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(tmpbuf, "\n  ");
data/crossfire-1.71.0+dfsg1/common/holy.c:424:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(tmpbuf, "\n  ");
data/crossfire-1.71.0+dfsg1/common/holy.c:428:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(tmpbuf, "\n  ");
data/crossfire-1.71.0+dfsg1/common/image.c:121:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/common/image.c:127:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/image.c:153:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            on_face->visibility = atoi(buf+11);
data/crossfire-1.71.0+dfsg1/common/image.c:159:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int value = atoi(buf+9);
data/crossfire-1.71.0+dfsg1/common/image.c:179:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *p;
data/crossfire-1.71.0+dfsg1/common/image.c:187:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/image.c:325:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *p, *q;
data/crossfire-1.71.0+dfsg1/common/image.c:332:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/image.c:451:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[400];
data/crossfire-1.71.0+dfsg1/common/image.c:452:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/image.c:453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, *cps[7+1], *slash;
data/crossfire-1.71.0+dfsg1/common/image.c:460:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((infile = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/image.c:470:19:  [2] (integer) atoi:
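  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the next hit (image.c:477) shows `len` used as an index into
  facesets[]. Confirm that a lower and upper bound check sits between the two
  lines (not visible in this report); atoi() also gives no way to detect a
  malformed field, which strtol() with an end-pointer check does.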
            len = atoi(cps[0]);
data/crossfire-1.71.0+dfsg1/common/image.c:477:38:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            facesets[len].fallback = atoi(cps[3]);
data/crossfire-1.71.0+dfsg1/common/image.c:501:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((infile = fopen(filename, "rb")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/image.c:511:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            len = atoi(cp);
data/crossfire-1.71.0+dfsg1/common/info.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char attbuf[34];
data/crossfire-1.71.0+dfsg1/common/init.c:114:7:  [2] (buffer) char:
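  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the declaration quoted below is an array of const pointers to
  const char, not a writable character buffer, so the copy-overflow concern
  does not apply to it directly. The check that matters here is that every
  index used on spellpathnames stays below NRSPELLPATHS.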
const char *const spellpathnames[NRSPELLPATHS] = {
data/crossfire-1.71.0+dfsg1/common/init.c:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], tmpbuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/init.c:158:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/crossfire-1.71.0+dfsg1/common/init.c:169:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                settings.emergency_x = atoi(tmpbuf);
data/crossfire-1.71.0+dfsg1/common/init.c:171:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                settings.emergency_y = atoi(tmpbuf);
data/crossfire-1.71.0+dfsg1/common/init.c:273:19:  [2] (misc) fopen:
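  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Triage note: unlike most fopen hits in this list, which open for reading,
  this one opens settings.logfilename for append. Review it and the other
  write-mode opens first: confirm where the path is configured and that its
  directory is not writable by less-privileged users.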
        logfile = fopen(settings.logfilename, "a");
data/crossfire-1.71.0+dfsg1/common/init.c:439:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/init.c:443:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "w");
data/crossfire-1.71.0+dfsg1/common/init.c:457:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/init.c:468:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/crossfire-1.71.0+dfsg1/common/init.c:494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/init.c:495:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/init.c:509:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/crossfire-1.71.0+dfsg1/common/init.c:536:20:  [2] (integer) atoi:
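  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: the following hits (init.c:542, 552, 562) show `mess` used as
  the first index of attack_mess[][]. Confirm that the parsed value is
  range-checked against the array bound before those writes; the check, if
  any, is not visible in this report.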
            mess = atoi(p);
data/crossfire-1.71.0+dfsg1/common/init.c:542:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            attack_mess[mess][level].level = atoi(buf);
data/crossfire-1.71.0+dfsg1/common/init.c:552:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            attack_mess[mess][level].level = atoi(buf);
data/crossfire-1.71.0+dfsg1/common/init.c:562:46:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            attack_mess[mess][level].level = atoi(buf);
data/crossfire-1.71.0+dfsg1/common/item.c:1399:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        op->anim_speed = atoi(key);
data/crossfire-1.71.0+dfsg1/common/item.c:1406:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        op->animation_id = atoi(key);
data/crossfire-1.71.0+dfsg1/common/languages.c:149:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/languages.c:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dirname[MAX_BUF], filename[MAX_BUF], line[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/languages.c:187:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/living.c:72:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *int_bonus_names[NUM_INT_BONUSES] = {
data/crossfire-1.71.0+dfsg1/common/living.c:88:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *float_bonus_names[NUM_FLOAT_BONUSES] = {
data/crossfire-1.71.0+dfsg1/common/living.c:126:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const attacks[NROFATTACKS] = {
data/crossfire-1.71.0+dfsg1/common/living.c:136:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const drain_msg[NUM_STATS] = {
data/crossfire-1.71.0+dfsg1/common/living.c:147:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const restore_msg[NUM_STATS] = {
data/crossfire-1.71.0+dfsg1/common/living.c:158:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const gain_msg[NUM_STATS] = {
data/crossfire-1.71.0+dfsg1/common/living.c:169:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const lose_msg[NUM_STATS] = {
data/crossfire-1.71.0+dfsg1/common/living.c:180:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const statname[NUM_STATS] = {
data/crossfire-1.71.0+dfsg1/common/living.c:191:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const short_stat_name[NUM_STATS] = {
data/crossfire-1.71.0+dfsg1/common/living.c:400:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&refop, op, sizeof(object));
data/crossfire-1.71.0+dfsg1/common/living.c:1028:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        wc_increase_rate = wc_in?atoi(wc_in):5;
data/crossfire-1.71.0+dfsg1/common/living.c:1151:5:  [2] (buffer) memcpy:
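  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the length below is taken from the source array
  (sizeof(op->body_info)), so the copy is in bounds only if body_used is at
  least as large as body_info. The struct definition is not shown in this
  report; a compile-time assertion that the two sizes match would settle it.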
    memcpy(op->body_used, op->body_info, sizeof(op->body_info));
data/crossfire-1.71.0+dfsg1/common/living.c:1756:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/living.c:2045:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/living.c:2310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/common/living.c:2347:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            tmp_bonus = atoi(cp);
data/crossfire-1.71.0+dfsg1/common/living.c:2386:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/common/living.c:2465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/common/living.c:2476:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/living.c:2499:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int newmax = atoi(cp+8);
data/crossfire-1.71.0+dfsg1/common/logger.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20480];  /* This needs to be really really big - larger
data/crossfire-1.71.0+dfsg1/common/logger.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char time_buf[2048];
data/crossfire-1.71.0+dfsg1/common/logger.c:101:28:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if ((logfile = fopen(settings.logfilename, "a")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/los.c:598:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAP_CLIENT_X*2+20], buf2[10];
data/crossfire-1.71.0+dfsg1/common/map.c:39:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const map_layer_name[MAP_LAYERS] = {
data/crossfire-1.71.0+dfsg1/common/map.c:202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:909:33:  [2] (integer) atoi:
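  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: on the line below the more immediate risk is the unchecked
  strchr(): if p holds no ':' it returns NULL and atoi() receives NULL+1,
  which is undefined behaviour. Whether an earlier check guarantees the ':'
  is not visible in this report. Test the strchr() result before use, and
  parse with strtol() (endptr and errno checked) so that malformed or
  out-of-range values are rejected.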
            items[i].strength = atoi(strchr(p, ':')+1);
data/crossfire-1.71.0+dfsg1/common/map.c:912:49:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            items[i].typenum = *p == '*' ? -1 : atoi(p);
data/crossfire-1.71.0+dfsg1/common/map.c:957:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1001:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[HUGE_BUF], *key = NULL, *value;
data/crossfire-1.71.0+dfsg1/common/map.c:1049:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char msgbuf[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1071:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char maplorebuf[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1101:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->enter_x = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1103:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->enter_y = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1105:24:  [2] (integer) atoi:
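  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: width (and height at map.c:1107) look like map dimensions,
  presumably parsed from a map header. Where they are used is not shown in
  this report; if they feed a width*height size computation or an
  allocation, reject non-positive and oversized values at this point, since
  atoi() reports no errors and its behaviour is undefined when the value
  does not fit in an int.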
            m->width = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1107:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->height = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1109:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->reset_timeout = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1111:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->timeout = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1113:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->difficulty = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1115:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->darkness = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1117:34:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->fixed_resettime = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1119:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->unique = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1121:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->is_template = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1129:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->shopmin = atol(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1131:26:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->shopmax = atol(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1135:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->outdoor = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1137:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            m->nosmooth = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1139:41:  [2] (integer) atoi:
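  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: the target below is a tv_sec field, normally a time_t,
  while atoi() returns int and has undefined behaviour for values outside
  the range of int. A stored timestamp is better parsed with strtoll()
  (endptr and errno checked) and range-checked before assignment.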
            m->last_reset_time.tv_sec = atoi(value);
data/crossfire-1.71.0+dfsg1/common/map.c:1141:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int tile = atoi(key+10);
data/crossfire-1.71.0+dfsg1/common/map.c:1146:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char path[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1210:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pathname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1220:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(pathname, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/map.c:1221:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1275:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(m->tmpname, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/map.c:1304:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pathname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1308:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(pathname, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/map.c:1364:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char firstname[MAX_BUF], name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1376:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(firstname, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/map.c:1411:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], buf[MAX_BUF], shop[MAX_BUF], final[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1439:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "w");
data/crossfire-1.71.0+dfsg1/common/map.c:1516:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF], final_unique[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:1521:20:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fp2 = fopen(buf, "w")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/map.c:1804:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char fullpath[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:2200:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(GET_MAP_FACE_OBJS(m, x, y), layers, sizeof(object *)*MAP_LAYERS);
data/crossfire-1.71.0+dfsg1/common/map.c:2239:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/map.c:2631:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char base[HUGE_BUF], path[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/object.c:871:11:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    (void)memcpy((void *)((char *)dest_ob+offsetof(object, name)),
data/crossfire-1.71.0+dfsg1/common/object.c:905:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_ob->discrete_damage, src_ob->discrete_damage, sizeof(sint16)*NROFATTACKS);
data/crossfire-1.71.0+dfsg1/common/object.c:910:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(dest_ob->spell_tags, src_ob->spell_tags, sizeof(tag_t)*SPELL_TAG_SIZE);
data/crossfire-1.71.0+dfsg1/common/object.c:4488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, local_name[MAX_BUF], name_op[MAX_BUF], name_short[HUGE_BUF], bname_s[MAX_BUF], bname_p[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/object.c:4513:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        count = atoi(cp);
data/crossfire-1.71.0+dfsg1/common/porting.c:145:14:  [2] (misc) open:
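  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: the call below already passes O_CREAT|O_EXCL with mode
  S_IRUSR|S_IWUSR, the usual defence against the symlink and race cases this
  rule describes: the open fails if the path already exists (a symbolic link
  included) and the new file is accessible to its owner only. What remains
  to review is how tempname is generated and how a failed open is handled,
  neither of which is shown in this report.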
        fd = open(tempname, O_CREAT|O_EXCL|O_RDWR, S_IRUSR|S_IWUSR);
data/crossfire-1.71.0+dfsg1/common/porting.c:180:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/porting.c:582:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp = buf;
data/crossfire-1.71.0+dfsg1/common/porting.c:595:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/re-cmp.c:66:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char   *re_substr[RE_TOKEN_MAX];
data/crossfire-1.71.0+dfsg1/common/readable.c:644:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *tbuf, buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:675:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *tbuf, buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], msgbuf[HUGE_BUF], fname[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/common/readable.c:734:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/crossfire-1.71.0+dfsg1/common/readable.c:776:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    tmp->chance = atoi(buf + 7);
data/crossfire-1.71.0+dfsg1/common/readable.c:825:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], fname[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/common/readable.c:838:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/crossfire-1.71.0+dfsg1/common/readable.c:1111:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:1317:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char new_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:1756:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *final, km[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:1838:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:1900:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char km[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:1974:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[BOOK_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:2136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/readable.c:2147:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "w");
data/crossfire-1.71.0+dfsg1/common/recipe.c:161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], buf[MAX_BUF], *cp, *next;
data/crossfire-1.71.0+dfsg1/common/recipe.c:177:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/recipe.c:320:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/recipe.c:439:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char part1[100];
data/crossfire-1.71.0+dfsg1/common/recipe.c:440:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char part2[100];
data/crossfire-1.71.0+dfsg1/common/recipe.c:526:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/recipe.c:600:9:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
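    if (atoi(cp))
  Triage note: only the truth value of the result is used on this line, so
  the range concern matters less here than the lack of error reporting.
  atoi cannot tell "0" from non-numeric text, and its behaviour is undefined
  when the value does not fit in an int. strtol with an end-pointer and
  errno check reports both cases.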
data/crossfire-1.71.0+dfsg1/common/recipe.c:616:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    if ((numb = atoi(buf)))
data/crossfire-1.71.0+dfsg1/common/region.c:290:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/region.c:297:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/region.c:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[HUGE_BUF], msgbuf[HUGE_BUF], *key = NULL, *value, *end;
data/crossfire-1.71.0+dfsg1/common/region.c:419:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/region.c:474:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            new->fallback = atoi(value);
data/crossfire-1.71.0+dfsg1/common/shstr.c:324:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char line[80];
data/crossfire-1.71.0+dfsg1/common/stringbuffer.c:100:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
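    memcpy(sb->buf+sb->pos, str, len);
  Triage note: the copy is safe only if the code before this line guarantees
  that sb->pos + len fits in the space allocated for sb->buf. The report
  shows this line alone, so confirm the capacity check or growth call that
  precedes it, and that the sum sb->pos + len cannot wrap.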
data/crossfire-1.71.0+dfsg1/common/stringbuffer.c:133:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(sb->buf+sb->pos, sb2->buf, sb2->pos);
data/crossfire-1.71.0+dfsg1/common/time.c:46:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
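static const char *const season_name[SEASONS_PER_YEAR+1] = {
  Triage note: this is an array of const pointers to string constants, not a
  writable character buffer; the rule matches on the text of the declaration.
  The same holds for the other `const char *` table findings in this part of
  the report (time.c, attack.h, living.h, map.h:34, skills.h, spellist.h,
  spells.h). For these tables the check that matters is that every index
  used to read them stays below the declared size.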
data/crossfire-1.71.0+dfsg1/common/time.c:56:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const weekdays[DAYS_PER_WEEK] = {
data/crossfire-1.71.0+dfsg1/common/time.c:67:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const month_name[MONTHS_PER_YEAR] = {
data/crossfire-1.71.0+dfsg1/common/time.c:87:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char *const periodsofday[PERIODS_PER_DAY] = {
data/crossfire-1.71.0+dfsg1/common/time.c:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[128];
data/crossfire-1.71.0+dfsg1/common/treasure.c:139:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp, variable[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/treasure.c:229:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], buf[MAX_BUF], name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/treasure.c:235:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/common/treasure.c:1481:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/utils.c:389:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *p, tmp[MAX_BUF];
data/crossfire-1.71.0+dfsg1/common/utils.c:406:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
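        strcat(input, " and");
  Triage note: a constant source only fixes how many bytes are appended
  (four characters plus the terminator); it says nothing about how much room
  is left in input. The call is safe only if the remaining capacity of input
  is checked before this line, which the report does not show.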
data/crossfire-1.71.0+dfsg1/include/attack.h:135:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const change_resist_msg[NROFATTACKS];
data/crossfire-1.71.0+dfsg1/include/attack.h:136:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const resist_plus[NROFATTACKS];
data/crossfire-1.71.0+dfsg1/include/attack.h:137:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const attacktype_desc[NROFATTACKS];
data/crossfire-1.71.0+dfsg1/include/attack.h:138:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const resist_save[NROFATTACKS];
data/crossfire-1.71.0+dfsg1/include/attack.h:145:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const resist_save[NROFATTACKS] = {
data/crossfire-1.71.0+dfsg1/include/attack.h:154:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const attacktype_desc[NROFATTACKS] = {
data/crossfire-1.71.0+dfsg1/include/attack.h:163:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const resist_plus[NROFATTACKS] = {
data/crossfire-1.71.0+dfsg1/include/attack.h:178:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN const char *const change_resist_msg[NROFATTACKS] = {
data/crossfire-1.71.0+dfsg1/include/global.h:201:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN char first_map_path[MAX_BUF];     /**< The start-level. */
data/crossfire-1.71.0+dfsg1/include/global.h:202:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
EXTERN char first_map_ext_path[MAX_BUF]; /**< Path used for per-race start maps. */
data/crossfire-1.71.0+dfsg1/include/global.h:342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    who_format[MAX_BUF];     /**< The format that the who command should use */
data/crossfire-1.71.0+dfsg1/include/global.h:343:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    who_wiz_format[MAX_BUF]; /**< The format that the who command should use when called by a dm*/
data/crossfire-1.71.0+dfsg1/include/global.h:344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    motd[MAX_BUF];      /**< Name of the motd file */
data/crossfire-1.71.0+dfsg1/include/global.h:347:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    dm_mail[MAX_BUF];   /**< DM's Email address */
data/crossfire-1.71.0+dfsg1/include/global.h:353:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    meta_server[MAX_BUF];   /**< Hostname/ip addr of the metaserver */
data/crossfire-1.71.0+dfsg1/include/global.h:354:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    meta_host[MAX_BUF];     /**< Hostname of this host */
data/crossfire-1.71.0+dfsg1/include/global.h:356:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    meta_comment[MAX_BUF];  /**< Comment we send to the metaserver */
data/crossfire-1.71.0+dfsg1/include/living.h:24:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *const attacks[NROFATTACKS];
data/crossfire-1.71.0+dfsg1/include/living.h:26:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *const restore_msg[NUM_STATS];
data/crossfire-1.71.0+dfsg1/include/living.h:27:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *const statname[NUM_STATS];
data/crossfire-1.71.0+dfsg1/include/living.h:28:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *const short_stat_name[NUM_STATS];
data/crossfire-1.71.0+dfsg1/include/living.h:29:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *const lose_msg[NUM_STATS];
data/crossfire-1.71.0+dfsg1/include/map.h:34:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *const map_layer_name[MAP_LAYERS];
data/crossfire-1.71.0+dfsg1/include/map.h:363:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    *tile_path[4];      /**< Path to adjoining maps. */
data/crossfire-1.71.0+dfsg1/include/map.h:365:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    path[HUGE_BUF];     /**< Filename of the map. */
data/crossfire-1.71.0+dfsg1/include/newserver.h:88:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    data[SOCKETBUFSIZE];
data/crossfire-1.71.0+dfsg1/include/party.h:12:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char passwd[9];             /**< Party password. */
data/crossfire-1.71.0+dfsg1/include/party.h:18:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char killer[MAX_NAME+1], dead[MAX_NAME+1];
data/crossfire-1.71.0+dfsg1/include/player.h:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        maplevel[MAX_BUF];      /**< On which level is the player? */
data/crossfire-1.71.0+dfsg1/include/player.h:97:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        savebed_map[MAX_BUF];   /**< Map where player will respawn after death. */
data/crossfire-1.71.0+dfsg1/include/player.h:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        spellparam[MAX_BUF];    /**< What param to add to spells. */
data/crossfire-1.71.0+dfsg1/include/player.h:163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        own_title[MAX_NAME]; /**< Title the player has chosen for themself.
data/crossfire-1.71.0+dfsg1/include/player.h:165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        title[BIG_NAME];     /**< Default title, like fighter, wizard, etc. */
data/crossfire-1.71.0+dfsg1/include/player.h:171:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        killer[BIG_NAME];    /**< Who killed this player. */
data/crossfire-1.71.0+dfsg1/include/player.h:172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        last_tell[MAX_NAME]; /**< last player that told you something [mids 01/14/2002]. */
data/crossfire-1.71.0+dfsg1/include/player.h:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
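    char        write_buf[MAX_BUF];  /**< Holds arbitrary input from client. */
  Triage note: by its own comment this buffer receives client-controlled
  data, so of the fixed-size array findings in player.h it is the one to
  review first. Every write into write_buf should be bounded by
  sizeof(write_buf) and leave the buffer NUL-terminated.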
data/crossfire-1.71.0+dfsg1/include/player.h:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        input_buf[MAX_BUF];  /**< Holds command to run. */
data/crossfire-1.71.0+dfsg1/include/player.h:176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
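    char        password[16];        /**< 2 (seed) + 11 (crypted) + 1 (EOS) + 2 (safety) = 16 */
  Triage note: apart from the buffer question, the size comment (2-character
  seed plus 11 characters of hash) matches the output layout of traditional
  DES-based crypt(3), which is weak by current standards, and a 16-byte field
  cannot hold a modern hash string. Confirm how passwords are actually
  hashed; the same applies to new_password in the next finding.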
data/crossfire-1.71.0+dfsg1/include/player.h:177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        new_password[16];    /**< 2 (seed) + 11 (crypted) + 1 (EOS) + 2 (safety) = 16 */
data/crossfire-1.71.0+dfsg1/include/player.h:192:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        search_str[MAX_BUF]; /**< Item we are looking for. */
data/crossfire-1.71.0+dfsg1/include/plugin.h:150:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            id[MAX_BUF];        /**< Plugin identification string      */
data/crossfire-1.71.0+dfsg1/include/plugin.h:151:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char            fullname[MAX_BUF];  /**< Plugin full name                  */
data/crossfire-1.71.0+dfsg1/include/plugin.h:355:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char fname[256];  /**< Function name. */
data/crossfire-1.71.0+dfsg1/include/shared/newclient.h:653:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    unsigned char buf[MAXSOCKBUF]; /* 2(size)+65535(content)+1(ending NULL) */
data/crossfire-1.71.0+dfsg1/include/shstr.h:84:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char string[PADDING];
data/crossfire-1.71.0+dfsg1/include/skills.h:125:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *skill_names[NUM_SKILLS];
data/crossfire-1.71.0+dfsg1/include/spellist.h:13:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *spellpathnames[NRSPELLPATHS] = {
data/crossfire-1.71.0+dfsg1/include/spells.h:41:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
extern const char *const spellpathnames[NRSPELLPATHS];
data/crossfire-1.71.0+dfsg1/include/win32.h:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char d_name[_MAX_FNAME+1];          /* filename (null terminated) */
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:350:12:  [2] (integer) atoi:
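  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Triage note: atoi also cannot report a parse failure (non-numeric text
  yields 0, and out-of-range input has undefined behaviour); strtol with an
  end-pointer and errno check lets the caller reject bad input before the
  value is used. The same applies to the other atoi/atol hits in this report.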
    mapx = atoi(parameters);
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:363:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    mapy = atoi(parameters);
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:623:16:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        tick = atoi(time);
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:825:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char    buffer[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:831:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fichier = fopen(file, "r");
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:1101:9:  [2] (buffer) memcpy:
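  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length is the compile-time constant sizeof(struct timeval),
  so the copy cannot overrun as long as yesterday is itself a struct timeval
  (its declaration is not shown in this report). The hit at cfanim.c:1106 is
  the same statement.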
        memcpy(&yesterday, &now, sizeof(struct timeval));
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:1106:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&yesterday, &now, sizeof(struct timeval));
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:1202:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *buf, message[MAX_BUF], script[MAX_BUF];
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:86:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    *format = atoi(argv[0]);
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:340:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        id = atoi(line[ncolumn]);
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:374:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        id = atoi(line[ncolumn]);
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:412:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        id = atoi(line[ncolumn]);
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date[50];
data/crossfire-1.71.0+dfsg1/plugins/cflogger/cflogger.c:700:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[500];
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:79:14:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        id = atoi(line[ncolumn]);
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:153:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[500];
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:237:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        deaths = atoi(results[ncolumn]);
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:256:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        deaths = atoi(results[ncolumn]);
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char where[50];
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:311:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char contents[5000];
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:314:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char date[50];
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:335:15:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        end = atol(results[ncolumn+1]);
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:337:21:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            start = atol(results[ncolumn+2]);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:100:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:626:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *message, buf[2048];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:655:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[2048];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:760:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        fd = open(filename, O_RDONLY);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:951:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:961:39:  [2] (buffer) char:
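  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Triage note: the quoted line contains a (char *) cast next to an array
  index, not an array declaration, so this hit appears to be a lexical match
  rather than a statically-sized buffer; confirm against the source before
  spending time on it. The hit at cfpython.c:991:39 quotes the same statement.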
        PyModule_AddIntConstant(new, (char *)constants[i].name, constants[i].value);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:983:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:991:39:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        PyModule_AddIntConstant(new, (char *)constants[i].name, constants[i].value);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:1494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024], path[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:1530:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[MAX_NAME];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bed[200];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[200];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:563:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:569:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[200];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:2125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[255];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:2208:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *message, buf[2048];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:2252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[200];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cjson.c:665:17:  [2] (buffer) sprintf:
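  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Triage note: with the argument masked to c&0xff, this format writes exactly
  six characters plus the terminating NUL; what remains to verify is that at
  least seven bytes are available at p, which this report does not show.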
                sprintf(p, "\\u%04x", c&0xff);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython.h:125:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        message[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython.h:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        script[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfpython/include/cfpython.h:129:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        options[1024];
data/crossfire-1.71.0+dfsg1/plugins/cfrhg/cfrhg.c:128:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char r[500];
data/crossfire-1.71.0+dfsg1/plugins/cfrhg/cfrhg.c:154:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char params[MAX_BUF];
data/crossfire-1.71.0+dfsg1/plugins/common/plugin_common.c:1539:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[20480];  /* This needs to be really really big - larger than any other buffer, since that buffer may
data/crossfire-1.71.0+dfsg1/plugins/template/include/plugin_template.h:62:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        message[1024];
data/crossfire-1.71.0+dfsg1/plugins/template/include/plugin_template.h:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char        options[1024];
data/crossfire-1.71.0+dfsg1/random_maps/decor.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char style_name[256];
data/crossfire-1.71.0+dfsg1/random_maps/door.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char doorpath[128];
data/crossfire-1.71.0+dfsg1/random_maps/exit.c:142:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char styledirname[256];
data/crossfire-1.71.0+dfsg1/random_maps/exit.c:148:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[512];
data/crossfire-1.71.0+dfsg1/random_maps/floor.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char styledirname[256];
data/crossfire-1.71.0+dfsg1/random_maps/main.c:142:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                width = atoi(optarg);
data/crossfire-1.71.0+dfsg1/random_maps/main.c:145:26:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                height = atoi(optarg);
data/crossfire-1.71.0+dfsg1/random_maps/monster.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char styledirname[256];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:19:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wallstyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:24:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wall_name[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:29:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char floorstyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char monsterstyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:39:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char treasurestyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:41:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char layoutstyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char doorstyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:48:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char decorstyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char origin_map[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char final_map[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char final_exit_archetype[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char exitstyle[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:60:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char this_map[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char exit_on_final_map[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/random_map.h:67:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dungeon_name[RM_SIZE];
data/crossfire-1.71.0+dfsg1/random_maps/special.c:133:9:  [2] (buffer) memcpy:
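  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Triage note: the length here is computed at run time from
  in_map->shopitems[0].index, so this hit deserves manual review: confirm that
  dest_map->shopitems is allocated for at least that many elements and that
  the index value is validated when the map data is loaded.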
        memcpy(dest_map->shopitems, in_map->shopitems, in_map->shopitems[0].index * sizeof(shopitems));
data/crossfire-1.71.0+dfsg1/random_maps/special.c:342:5:  [2] (buffer) strcpy:
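  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  Triage note: "none" needs five bytes including the terminator. If hole is
  the structure from random_map.h, where this report shows treasurestyle
  declared as char[RM_SIZE], the copy is safe provided RM_SIZE is at least 5
  (its value is not shown here).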
    strcpy(hole.treasurestyle, "none");
data/crossfire-1.71.0+dfsg1/random_maps/special.c:345:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(hole.doorstyle, "none");
data/crossfire-1.71.0+dfsg1/random_maps/style.c:74:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[NAME_MAX+1], **rn = NULL;
data/crossfire-1.71.0+dfsg1/random_maps/style.c:177:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char style_file_path[256];
data/crossfire-1.71.0+dfsg1/random_maps/style.c:178:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char style_file_full_path[256];
data/crossfire-1.71.0+dfsg1/random_maps/style.c:199:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char style_dir_full_path[256];
data/crossfire-1.71.0+dfsg1/random_maps/style.c:251:43:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    dist = abs(difficulty-atoi(mfile_name));
data/crossfire-1.71.0+dfsg1/random_maps/treasure.c:90:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char styledirname[256];
data/crossfire-1.71.0+dfsg1/random_maps/treasure.c:91:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stylefilepath[256];
data/crossfire-1.71.0+dfsg1/random_maps/treasure.c:288:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char keybuf[256];
data/crossfire-1.71.0+dfsg1/random_maps/treasure.c:371:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char keybuf[256];
data/crossfire-1.71.0+dfsg1/random_maps/treasure.c:778:11:  [2] (buffer) char:
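  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. Note that the declaration below is an array of two
  pointers to const char, not a character buffer, so the check that matters
  here is that every index into doors stays within 0..1.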
    const char *doors[2];
data/crossfire-1.71.0+dfsg1/random_maps/treasure.c:991:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char keybuf[256];
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char styledirname[256];
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:249:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wall_name[64];
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:272:9:  [2] (buffer) strcat:
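  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string. A constant source bounds only the number of
  bytes appended; the call is safe only if the string already in wall_name
  (presumably the 64-byte array reported at wall.c:249) leaves room for the
  suffix and its terminating NUL.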
        strcat(wall_name, "_0");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:276:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_1_3");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:280:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_1_4");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:284:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_2_1_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:288:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_1_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:292:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_2_2_4");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:296:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_2_2_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:300:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_3_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:304:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_1_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:308:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_2_2_3");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:312:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_2_2_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:316:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_3_3");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:320:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_2_1_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:324:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_3_4");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:328:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_3_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:332:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(wall_name, "_4");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:413:9:  [2] (buffer) strcat:
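  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string. The capacity of RP->wall_name is not shown in
  this report; the call is safe only if the existing string plus the suffix
  and its terminating NUL fit in that field.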
        strcat(RP->wall_name, "_0");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:417:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_1_3");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:421:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_1_4");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:425:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_2_1_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:429:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_1_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:433:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_2_2_4");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:437:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_2_2_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:441:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_3_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:445:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_1_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:449:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_2_2_3");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:453:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_2_2_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:457:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_3_3");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:461:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_2_1_1");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:465:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_3_4");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:469:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_3_2");
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:473:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(RP->wall_name, "_4");
data/crossfire-1.71.0+dfsg1/server/account.c:74:5:  [2] (buffer) char:
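  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. The declaration below is an array of char
  pointers, so the bound to verify is the number of entries stored
  (at most MAX_CHARACTERS_PER_ACCOUNT+1), not a string length.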
    char  *character_names[MAX_CHARACTERS_PER_ACCOUNT+1];
data/crossfire-1.71.0+dfsg1/server/account.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAX_BUF], buf[VERY_BIG_BUF];
data/crossfire-1.71.0+dfsg1/server/account.c:126:8:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp=fopen(fname,"r");
data/crossfire-1.71.0+dfsg1/server/account.c:131:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/account.c:136:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *tmp[NUM_ACCOUNT_FIELDS], *cp;
data/crossfire-1.71.0+dfsg1/server/account.c:264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAX_BUF], fname1[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/account.c:273:10:  [2] (misc) fopen:
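  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362). For a "w" open, fopen() follows symlinks and truncates
  an existing target; if the directory can be written by less-trusted users,
  open() with O_NOFOLLOW (plus O_CREAT|O_EXCL for new files) followed by
  fdopen(), or writing a temporary file and rename()-ing it into place,
  removes that window.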
    fp = fopen(fname,"w");
data/crossfire-1.71.0+dfsg1/server/account.c:275:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/account_char.c:78:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAX_BUF], buf[VERY_BIG_BUF];
data/crossfire-1.71.0+dfsg1/server/account_char.c:83:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "r");
data/crossfire-1.71.0+dfsg1/server/account_char.c:92:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *tmp[NUM_ACCOUNT_CHAR_FIELDS], *cp;
data/crossfire-1.71.0+dfsg1/server/account_char.c:144:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAX_BUF], fname1[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/account_char.c:159:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(fname, "w");
data/crossfire-1.71.0+dfsg1/server/account_char.c:161:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/alchemy.c:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/alchemy.c:894:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name_ob[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/alchemy.c:1020:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:219:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_sack[MAX_BUF], name_tmp[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:590:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:677:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:843:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:1087:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_op[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:1669:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:1717:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name_op[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:1729:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name_op[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/apply.c:1819:32:  [2] (integer) atol:
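  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). atol() returns
  long and reports no conversion errors; the type of item_will is not shown
  here, so also confirm the assignment below cannot truncate the value.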
    item_will = will != NULL ? atol(will) : 0;
data/crossfire-1.71.0+dfsg1/server/apply.c:1917:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name_op[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:175:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:431:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], buf1[MAX_BUF], buf2[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1165:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_hitter[MAX_BUF], name_op[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char kill_message[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1626:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[256];
data/crossfire-1.71.0+dfsg1/server/attack.c:1627:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1642:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char killed[MAX_BUF], with[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1650:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char killed[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1708:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name_op[MAX_BUF], name_hitter[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1774:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:1775:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char op_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/attack.c:2270:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char victim[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/ban.c:35:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/ban.c:36:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char log_buf0[160], host_buf[64], line_buf[160];
data/crossfire-1.71.0+dfsg1/server/ban.c:53:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            bannedfile = fopen(buf, "r");
data/crossfire-1.71.0+dfsg1/server/ban.c:64:26:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            bannedfile = fopen(buf, "r");
data/crossfire-1.71.0+dfsg1/server/build_map.c:181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:182:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:333:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char archetype[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:506:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:623:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char message[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:630:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char current_basename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:631:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char new_basename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:703:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char archetype[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:729:17:  [2] (buffer) strcpy:
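  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string. The
  copy writes 5 bytes including the NUL; underscore appears to be a pointer
  into another buffer (its declaration is not shown in this report), so the
  space remaining after that position is what must be checked.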
                strcpy(underscore, "win1");
data/crossfire-1.71.0+dfsg1/server/build_map.c:731:17:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
                strcpy(underscore, "win2");
data/crossfire-1.71.0+dfsg1/server/build_map.c:796:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/build_map.c:887:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_chat.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_chat.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_chat.c:76:14:  [2] (buffer) char:
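  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. The declaration below is a const table of seven
  const string pointers, so it cannot be overflowed by a write; the relevant
  check is that any index used to read it stays within 0..6.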
static const char *const orcknuckle[7] = {
data/crossfire-1.71.0+dfsg1/server/c_chat.c:104:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_chat.c:105:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_chat.c:231:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_chat.c:643:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], buf2[MAX_BUF], buf3[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:44:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char map_path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:453:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namebuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:571:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpbuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:572:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char outbuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:575:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(outbuf, "[fixed]");
data/crossfire-1.71.0+dfsg1/server/c_misc.c:771:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char stats[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1041:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1235:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1385:18:  [2] (integer) atoi:
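  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: atoi() also has no error reporting: non-numeric text yields
  0 and a value that does not fit in int is undefined behaviour, so a range
  check placed after the call cannot catch either case. strtol() with an end
  pointer and an errno check lets the caller reject both before range
  checking. The same applies to the other atoi/atol hits in this report;
  whether `params` carries player-typed text is not visible here and should
  be confirmed per call site.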
        target = atoi(params);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1541:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], line[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1542:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char suffix[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1600:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1688:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], line[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1697:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1759:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1975:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1991:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char tmp[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_misc.c:2131:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int target = atoi(params);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:2242:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    level = atoi(slevel);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:2243:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    exp = atoi(sexp);
data/crossfire-1.71.0+dfsg1/server/c_new.c:153:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dir = atoi(params);
data/crossfire-1.71.0+dfsg1/server/c_new.c:188:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dir = atoi(params);
data/crossfire-1.71.0+dfsg1/server/c_object.c:254:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:315:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[HUGE_BUF], name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:364:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char failure[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:663:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_sack[MAX_BUF], name_tmp[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:734:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char failure[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:821:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char failure[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:833:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:1133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:1273:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:1408:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[VERY_BIG_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:1415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[MAX_BUF] = "That is";
data/crossfire-1.71.0+dfsg1/server/c_object.c:1521:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char level[100];
data/crossfire-1.71.0+dfsg1/server/c_object.c:1657:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char weight[MAX_BUF], name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:2016:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[VERY_BIG_BUF], name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:2029:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        itemnumber = atoi(params);
data/crossfire-1.71.0+dfsg1/server/c_object.c:2204:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/c_object.c:2245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *with, copy[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_party.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char party_params[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_party.c:77:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(party_params, "say ");
data/crossfire-1.71.0+dfsg1/server/c_party.c:116:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_range.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char spell_sort[NROFREALSPELLS][MAX_BUF], tmp[MAX_BUF], *cp;
data/crossfire-1.71.0+dfsg1/server/c_range.c:127:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(tmp, "asdfg"); /* Dummy string so initial compare fails */
data/crossfire-1.71.0+dfsg1/server/c_range.c:159:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, cpy[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_range.c:169:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if ((spellnumber = atoi(cpy)) != 0)
data/crossfire-1.71.0+dfsg1/server/c_range.c:301:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:300:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[1024];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:393:42:  [2] (integer) atol:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        return object_find_by_tag_global(atol(params+1));
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:475:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(op->contr->killer, "left");
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:515:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:530:23:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((banishfile = fopen(buf, "a")) == NULL) {
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:599:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:734:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ticks = atoi(params);
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:963:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, *bp, *bp2, *bp3, *endline, cpy[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1020:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char spell_name[MAX_BUF], *fsp = NULL;
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1397:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1512:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1576:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], skill[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1719:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char thing[20], thing2[20];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1787:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1998:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1999:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char line_buf[160], name[160], passwd[160], host[160];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2006:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((dmfile = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2334:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2343:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(buf, "/plugins/");
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2562:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char what[MAX_BUF], where[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/daemon.c:90:11:  [2] (misc) open:
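  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: this call and the one at daemon.c:94 pass string literals
  naming fixed device nodes, so the path is not caller-controlled and the
  symlink/race concern depends only on who can write to /dev on the host.
  The call below discards the returned descriptor with (void), so a failed
  open would go unnoticed.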
    (void)open("/dev/null", O_RDONLY);  /* root inode already in core */
data/crossfire-1.71.0+dfsg1/server/daemon.c:94:14:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((i = open("/dev/tty", O_RDWR)) >= 0) {  /* did open succeed? */
data/crossfire-1.71.0+dfsg1/server/disease.c:398:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[128];
data/crossfire-1.71.0+dfsg1/server/disease.c:633:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/gods.c:195:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/gods.c:252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/gods.c:567:5:  [2] (buffer) memcpy:
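  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the length below is sizeof the source member, so the copy is
  bounded only if skop->resist is at least as large as new_god->resist. The
  matching member name suggests both are the same field of one struct type,
  which would make the sizes equal by construction; confirm against the
  declaration.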
    memcpy(skop->resist, new_god->resist, sizeof(new_god->resist));
data/crossfire-1.71.0+dfsg1/server/gods.c:879:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/gods.c:1261:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/gods.c:1277:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/gods.c:1373:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/hiscore.c:28:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[BIG_NAME];      /**< Name.  */
data/crossfire-1.71.0+dfsg1/server/hiscore.c:29:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char title[BIG_NAME];     /**< Title. */
data/crossfire-1.71.0+dfsg1/server/hiscore.c:30:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char killer[BIG_NAME];    /**< Name (+ title) or "left". */
data/crossfire-1.71.0+dfsg1/server/hiscore.c:32:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char maplevel[BIG_NAME];  /**< Killed on what level. */
data/crossfire-1.71.0+dfsg1/server/hiscore.c:43:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char fname[MAX_BUF];      /**< Filename of the backing file. */
data/crossfire-1.71.0+dfsg1/server/hiscore.c:75:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/hiscore.c:79:10:  [2] (misc) fopen:
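  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Reviewer note: mode "w" truncates an existing file as soon as it is
  opened, so table->fname should resolve inside a directory that only the
  server account can write; how fname is built is not shown in this report.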
    fp = fopen(table->fname, "w");
data/crossfire-1.71.0+dfsg1/server/hiscore.c:114:5:  [2] (buffer) char:
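  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the declaration below is an array of eight char pointers,
  not a character buffer, so the bound to verify is the number of entries
  stored in tmp (at most 8), not a string length.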
    char *tmp[8];
data/crossfire-1.71.0+dfsg1/server/hiscore.c:252:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(table->fname, "r");
data/crossfire-1.71.0+dfsg1/server/hiscore.c:257:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/hiscore.c:264:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/hiscore.c:310:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char bufscore[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/hiscore.c:335:9:  [2] (buffer) strcpy:
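  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  Reviewer note: the literal below needs 19 bytes including the terminator;
  if new_score.killer is the killer[BIG_NAME] field reported at
  hiscore.c:30, the copy is safe whenever BIG_NAME is at least 19 (the
  value of BIG_NAME is not shown in this report).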
        strcpy(new_score.killer, "a dungeon collapse");
data/crossfire-1.71.0+dfsg1/server/hiscore.c:400:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char scorebuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/init.c:249:16:  [2] (integer) atoi:
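  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: atoi() reports no conversion errors (non-numeric text
  yields 0, and a value that does not fit in an int is undefined behavior),
  so a port number taken from it should instead be parsed with strtol() and
  range-checked (1-65535) before use.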
    int port = atoi(val);
data/crossfire-1.71.0+dfsg1/server/init.c:449:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], filename[MAX_BUF], *cp, *next;
data/crossfire-1.71.0+dfsg1/server/init.c:456:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(filename, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/server/init.c:540:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp, dummy[1];
data/crossfire-1.71.0+dfsg1/server/init.c:551:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/server/init.c:609:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int port = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:618:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int size = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:625:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int size = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:632:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int size = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:639:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int size = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:646:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int size = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:653:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int size = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:660:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int lev = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:763:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:769:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:775:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:803:26:  [2] (integer) atoi:
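  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: here the int returned by atoi() is stored in a sint16, so
  (assuming sint16 is a signed 16-bit type) any value outside -32768..32767
  is silently narrowed; range-check the parsed value before the assignment.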
            sint16 val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:810:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:817:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int max_e = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:823:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int wr = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:837:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int wr = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:880:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int pkmep = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:913:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:921:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:929:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:938:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int val = atoi(cp);
data/crossfire-1.71.0+dfsg1/server/init.c:992:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(settings.who_format, "%N_%T%t%h%d%b%n<%m>");
data/crossfire-1.71.0+dfsg1/server/init.c:994:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(settings.who_wiz_format, "%N_%T%t%h%d%b%nLevel %l <%m>(@%i)(%c)");
data/crossfire-1.71.0+dfsg1/server/init.c:1176:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/init.c:1181:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) != NULL) {
data/crossfire-1.71.0+dfsg1/server/init.c:1203:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/init.c:1406:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char race[MAX_BUF], fname[MAX_BUF], buf[MAX_BUF], *cp, variable[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/init.c:1417:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(file = fopen(fname, "r"))) {
data/crossfire-1.71.0+dfsg1/server/knowledge.c:177:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    count = atoi(value);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:178:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    index = atoi(dot + 1);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:237:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/knowledge.c:346:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/knowledge.c:693:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    what = atoi(pos + 1);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:746:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    what = atoi(pos + 1);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:757:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            known = atoi(pos + 1);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:780:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/knowledge.c:875:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char write[MAX_BUF], final[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/knowledge.c:882:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(write, "w+");
data/crossfire-1.71.0+dfsg1/server/knowledge.c:906:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char final[MAX_BUF], read[MAX_BUF], *dot;
data/crossfire-1.71.0+dfsg1/server/knowledge.c:912:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(final, "r");
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1145:17:  [2] (integer) atoi:
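  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: atoi() returns 0 for non-numeric input, so count is -1 in
  that case; confirm that negative and too-large values are rejected before
  count is used as an index (the use is not shown in this report). The same
  expression is reported at knowledge.c:1171.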
    int count = atoi(params) - 1;
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1171:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    int count = atoi(params) - 1;
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1279:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char copy[MAX_BUF], *pos;
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1316:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char item_name[MAX_BUF], *result;
data/crossfire-1.71.0+dfsg1/server/login.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/login.c:106:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/login.c:120:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(buf, "r");
data/crossfire-1.71.0+dfsg1/server/login.c:209:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF], *tmpfilename, backupfile[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/login.c:388:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "w");
data/crossfire-1.71.0+dfsg1/server/login.c:437:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/login.c:439:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/crossfire-1.71.0+dfsg1/server/login.c:493:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/login.c:494:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], bufall[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/login.c:538:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(filename, "r");
data/crossfire-1.71.0+dfsg1/server/monster.c:343:5:  [2] (buffer) char:
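  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: used as a string, a two-byte array holds at most one
  character plus the terminator, so every write into value must be limited
  to a single character.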
    char value[2];
data/crossfire-1.71.0+dfsg1/server/monster.c:349:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            i = atoi(talked);
data/crossfire-1.71.0+dfsg1/server/monster.c:2013:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/monster.c:2087:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char own[MAX_BUF], others[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/monster.c:2173:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char value[2];
data/crossfire-1.71.0+dfsg1/server/monster.c:2257:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char what[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/monster.c:2402:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/move.c:272:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/party.c:40:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/party.c:83:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/party.c:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/party.c:343:13:  [2] (buffer) memcpy:
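  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the length here is fixed at one array element and the two
  operands are adjacent elements, so the thing to verify is that i+1 stays
  within party_kills (the loop bound is not shown in this report).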
            memcpy(&(party->party_kills[i]), &(party->party_kills[i+1]), sizeof(party->party_kills[0]));
data/crossfire-1.71.0+dfsg1/server/pets.c:673:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/pets.c:838:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:132:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:133:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char motd[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:138:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(buf, "r");
data/crossfire-1.71.0+dfsg1/server/player.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rules[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:168:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(buf, "r");
data/crossfire-1.71.0+dfsg1/server/player.c:196:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:197:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char news[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:198:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char subject[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:203:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(buf, "r");
data/crossfire-1.71.0+dfsg1/server/player.c:413:5:  [2] (buffer) memcpy:
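  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Note: the length is sizeof(socket_struct), so the copy is bounded only if
  p->socket and the object ns points to are both socket_struct; this report
  does not show their declarations, so confirm them in player.c.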
    memcpy(&p->socket, ns, sizeof(socket_struct));
data/crossfire-1.71.0+dfsg1/server/player.c:1264:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:1300:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char mapname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:1441:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:1551:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:1577:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(op->contr->killer, "quit");
data/crossfire-1.71.0+dfsg1/server/player.c:1680:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char putstring[128], tmpstr[16];
data/crossfire-1.71.0+dfsg1/server/player.c:2404:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:2583:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name_tmp[MAX_BUF], name_cont[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:2618:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:3161:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:3227:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:3432:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:3511:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(op->contr->killer, "starvation");
data/crossfire-1.71.0+dfsg1/server/player.c:3538:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:3760:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:3761:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char ac_buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/player.c:4252:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];      /* tmp. string buffer */
data/crossfire-1.71.0+dfsg1/server/player.c:4354:25:  [2] (buffer) strcat:
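  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  Note: a constant source fixes only how many bytes are appended; whether
  the write stays inside buf depends on how much of buf is already in use
  at this call, which this report does not show.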
                        strcat(buf, " and ");
data/crossfire-1.71.0+dfsg1/server/player.c:4381:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/plugins.c:265:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    static char buf[256];
data/crossfire-1.71.0+dfsg1/server/plugins.c:3942:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/plugins.c:4100:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/plugins.c:4782:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:169:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char namedquest[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:172:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char includefile[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char final[MAX_BUF], read[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:181:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(final, "r");
data/crossfire-1.71.0+dfsg1/server/quest.c:377:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char inc_path[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:472:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char final[MAX_BUF], read[MAX_BUF], data[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:483:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(final, "r");
data/crossfire-1.71.0+dfsg1/server/quest.c:553:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char write[MAX_BUF], final[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:559:12:  [2] (misc) fopen:
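  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Note: mode "w+" truncates an existing file, so a redirected path here
  means overwritten data rather than only an unintended read; check how the
  path in write is built, and if its directory is writable by other
  accounts consider open() with O_NOFOLLOW (which covers the final path
  component) followed by fdopen().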
    file = fopen(write, "w+");
data/crossfire-1.71.0+dfsg1/server/quest.c:1140:22:  [2] (integer) atoi:
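  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Note: atoi() also cannot report a failed or out-of-range conversion;
  strtol() with an end-pointer and errno check, followed by an explicit
  range test on the result, covers both cases.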
        int number = atoi(params+5);
data/crossfire-1.71.0+dfsg1/server/quest.c:1157:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char prefix[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char oldname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf2[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:88:5:  [2] (buffer) strcat:
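  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  Note: the constant source fixes only the appended length (three
  characters plus the terminator); the call is safe only if newname, which
  appears to be the MAX_BUF array reported at resurrection.c:53, still has
  that much room, and that depends on code this report does not show. The
  same applies to the strcat hits at resurrection.c:91, 295 and 297.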
    strcat(newname, ".pl");
data/crossfire-1.71.0+dfsg1/server/resurrection.c:91:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(oldname, ".dead");
data/crossfire-1.71.0+dfsg1/server/resurrection.c:93:24:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(deadplayer = fopen(oldname, "r"))) {
data/crossfire-1.71.0+dfsg1/server/resurrection.c:108:24:  [2] (misc) fopen:
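  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  Note: mode "w" creates or truncates the target, so of the fopen hits in
  this file the write-mode one deserves review first; check how newname is
  derived and whether its directory is writable only by the server account.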
    if (!(liveplayer = fopen(newname, "w"))) {
data/crossfire-1.71.0+dfsg1/server/resurrection.c:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_to_resurrect[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:288:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:289:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/resurrection.c:295:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(filename, ".pl");
data/crossfire-1.71.0+dfsg1/server/resurrection.c:297:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(newname, ".dead");
data/crossfire-1.71.0+dfsg1/server/rune.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:49:14:  [2] (buffer) char:
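  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Note: this array is declared static const, so the hit reflects the
  declaration pattern rather than a writable buffer; the remaining check is
  that every index into days stays within its 7 rows.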
static const char days[7][4] = {
data/crossfire-1.71.0+dfsg1/server/server.c:110:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char s[2];
data/crossfire-1.71.0+dfsg1/server/server.c:396:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newmap_name[HUGE_BUF], *cp;
data/crossfire-1.71.0+dfsg1/server/server.c:420:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:465:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpnum[32], exitpath[HUGE_BUF], resultname[HUGE_BUF], tmpstring[HUGE_BUF], *sourcemap;
data/crossfire-1.71.0+dfsg1/server/server.c:466:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char new_map_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:523:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:558:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmpnum[32], resultname[HUGE_BUF], tmpstring[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:559:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char new_map_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:625:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char apartment[HUGE_BUF], path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:636:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char reldir[HUGE_BUF], tmpc[HUGE_BUF], *cp;
data/crossfire-1.71.0+dfsg1/server/server.c:797:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char tmp_path[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:1241:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pl->ob->contr->killer, "left");
data/crossfire-1.71.0+dfsg1/server/server.c:1258:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:1295:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], day[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/server.c:1305:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL)
data/crossfire-1.71.0+dfsg1/server/shop.c:971:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[MAX_BUF], coinbuf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/shop.c:1009:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_op[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/shop.c:1079:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_op[MAX_BUF], *value;
data/crossfire-1.71.0+dfsg1/server/shop.c:1332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[MAX_BUF] = "\0", *value;
data/crossfire-1.71.0+dfsg1/server/shop.c:1355:13:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
            strcpy(tmp, "a little of everything.");
data/crossfire-1.71.0+dfsg1/server/skill_util.c:52:7:  [2] (buffer) char:
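  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Note: the flagged declaration is an array of NUM_SKILLS pointers to const
  char, not a character buffer, so the relevant check is that indexes into
  skill_names stay below NUM_SKILLS; the hit at skill_util.c:210 is the
  same declaration pattern.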
const char *skill_names[NUM_SKILLS];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:210:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *skill_names[NUM_SKILLS];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:591:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:836:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char skills[NUM_SKILLS][MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:840:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:1147:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char weapon[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:1175:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char op_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:1191:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char op_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skill_util.c:1301:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char weaponname[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:234:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:797:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char desc[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:955:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:1109:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:1342:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:1447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[BOOK_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:1577:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:1809:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/skills.c:1953:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_attack.c:604:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char target_name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_attack.c:917:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        immunity_chance = atoi(race);
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:77:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:245:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:545:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        } else if (atoi(stringarg) < missile_plus)
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:546:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            missile_plus = atoi(stringarg);
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:991:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *cp, buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:1127:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char portal_name [1024], portal_message [1024];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:1443:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf1[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:1819:14:  [2] (buffer) char:
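  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. The flagged declaration is a const table of
  pointers to const char, not a writable character buffer, so the check that
  applies is that every index into it stays below NUM_STATS.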
static const char *const no_gain_msgs[NUM_STATS] = {
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:2384:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:2435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char desc[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:2919:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:2996:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:3060:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char wn[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:3300:13:  [2] (buffer) memcpy:
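  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data. The length here is
  sizeof(spell->resist), the size of the source field, so the copy stays in
  bounds only if force->resist is at least that large; the two declarations
  are not shown in this report and should be compared.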
            memcpy(&force->resist, spell->resist, sizeof(spell->resist));
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:3335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char rune[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_util.c:414:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    irate = atoi(rate);
data/crossfire-1.71.0+dfsg1/server/spell_util.c:1236:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_util.c:1355:5:  [2] (buffer) char:
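  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length. The flagged declaration is an array of 10 char
  pointers, not a character buffer, so the check that applies is that no
  more than 10 entries are ever stored or read.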
    char *ingredients[10];
data/crossfire-1.71.0+dfsg1/server/spell_util.c:1359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_ob[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_util.c:1704:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/spell_util.c:2001:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dur[10];
data/crossfire-1.71.0+dfsg1/server/spell_util.c:2032:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (spell->duration == atoi(key)) {
data/crossfire-1.71.0+dfsg1/server/spell_util.c:2040:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        if (spell->duration == atoi(key)) {
data/crossfire-1.71.0+dfsg1/server/swap.c:34:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/swap.c:38:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fp = fopen(buf, "w"))) {
data/crossfire-1.71.0+dfsg1/server/swap.c:71:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/swap.c:76:16:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if (!(fp = fopen(buf, "r"))) {
data/crossfire-1.71.0+dfsg1/server/swap.c:81:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char *tmp[3];
data/crossfire-1.71.0+dfsg1/server/time.c:288:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        int limit = atoi(value), num_generated = 0;
data/crossfire-1.71.0+dfsg1/server/time.c:292:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            num_generated = atoi(value);
data/crossfire-1.71.0+dfsg1/server/time.c:298:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[50];
data/crossfire-1.71.0+dfsg1/server/time.c:340:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char name[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/server/win32.c:80:5:  [2] (buffer) strcat:
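  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string. The constant bounds only the bytes appended
  (3 including the terminator); filespec must still have that much room left
  after its current contents, which this report does not show.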
    strcat(filespec, "/*");
data/crossfire-1.71.0+dfsg1/server/win32.c:171:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(filespec, "/*");
data/crossfire-1.71.0+dfsg1/server/win32.c:213:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strDir[1024];
data/crossfire-1.71.0+dfsg1/server/win32.c:218:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(strDir, " -srv");
data/crossfire-1.71.0+dfsg1/server/win32.c:339:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strDir[1024];
data/crossfire-1.71.0+dfsg1/socket/image.c:41:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    long tmpnum = atoi(buff);
data/crossfire-1.71.0+dfsg1/socket/image.c:136:13:  [2] (integer) atoi:
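  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). atoi cannot
  report a failed or out-of-range conversion; strtol with end-pointer and
  errno checks can, after which the value should be compared against the
  range the caller accepts.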
    start = atoi(params);
data/crossfire-1.71.0+dfsg1/socket/image.c:141:12:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    stop = atoi(cp);
data/crossfire-1.71.0+dfsg1/socket/info.c:130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/socket/info.c:181:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/info.c:381:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char map_mark[MAGIC_MAP_SIZE*MAGIC_MAP_SIZE];
data/crossfire-1.71.0+dfsg1/socket/init.c:173:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf1[MAX_BUF], buf2[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/init.c:174:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/init.c:268:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/init.c:355:9:  [2] (buffer) memcpy:
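  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data. The length here is
  ai_p->ai_addrlen, so the buffer behind listen->addr must have been
  allocated with at least that many bytes; the allocation is not shown in
  this report.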
        memcpy(init_sockets[i].listen->addr, ai_p->ai_addr, ai_p->ai_addrlen);
data/crossfire-1.71.0+dfsg1/socket/item.c:115:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char item_n[MAX_BUF], item_p[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/item.c:187:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/item.c:306:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/item.c:458:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char item_p[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/item.c:459:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char item_n[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/item.c:617:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    tag = atoi(buf);
data/crossfire-1.71.0+dfsg1/socket/item.c:636:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    tag = atoi(buf);
data/crossfire-1.71.0+dfsg1/socket/item.c:722:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/item.c:755:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/item.c:819:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dx = atoi(buf);
data/crossfire-1.71.0+dfsg1/socket/item.c:823:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    dy = atoi(cp);
data/crossfire-1.71.0+dfsg1/socket/loop.c:419:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/loop.c:455:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/loop.c:491:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:157:5:  [2] (buffer) memcpy:
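  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data. The copy starts at
  sl->buf+sl->len, so the check needed is that sl->len + len does not exceed
  the capacity of sl->buf; whether an earlier line or the caller enforces
  this is not visible in this report.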
    memcpy(sl->buf+sl->len, data, len);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:407:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ns->outputbuffer.data+end, buf, len);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:409:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ns->outputbuffer.data+end, buf, avail);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:410:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(ns->outputbuffer.data, buf+avail, len-avail);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:448:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:482:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/metaserver.c:162:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF], *cp, dummy[1];
data/crossfire-1.71.0+dfsg1/socket/metaserver.c:204:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    if ((fp = fopen(buf, "r")) == NULL) {
data/crossfire-1.71.0+dfsg1/socket/metaserver.c:256:41:  [2] (integer) atoi:
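  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  Reviewer note: atoi also cannot report non-numeric or out-of-range input
  (the C standard leaves an unrepresentable result undefined). For a port
  number, parse with strtol, check the end pointer and errno, and accept
  only 1-65535.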
                local_info.portnumber = atoi(cp);
data/crossfire-1.71.0+dfsg1/socket/metaserver.c:359:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/request.c:140:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            ns->sound = atoi(param)&(SND_EFFECTS|SND_MUSIC|SND_MUTE);
data/crossfire-1.71.0+dfsg1/socket/request.c:145:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            monitor_spells = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:155:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            darkness = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:165:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            map2cmd = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:174:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            facecache = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:182:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int q = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:217:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            tick = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:227:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            is_bot = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:237:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            want_pickup = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:248:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            tmp = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:265:30:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            extended_stats = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:276:27:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            loginmethod = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:287:29:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            notifications = atoi(param);
data/crossfire-1.71.0+dfsg1/socket/request.c:416:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    facenbr = atoi(buf);
data/crossfire-1.71.0+dfsg1/socket/request.c:435:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char command[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/request.c:568:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ns->cs_version = atoi(buf);
data/crossfire-1.71.0+dfsg1/socket/request.c:578:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    ns->sc_version = atoi(cp);
data/crossfire-1.71.0+dfsg1/socket/request.c:638:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
        vals[i] = atoi(buf);
data/crossfire-1.71.0+dfsg1/socket/request.c:645:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
    vals[2] = atoi(buf);
data/crossfire-1.71.0+dfsg1/socket/request.c:715:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/request.c:1122:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[60];
data/crossfire-1.71.0+dfsg1/socket/request.c:1999:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(name, buf+1, nlen);
data/crossfire-1.71.0+dfsg1/socket/request.c:2006:5:  [2] (buffer) memcpy:
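  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: nlen and plen (lines 1999 and 2006) appear to be lengths read
  from the same buffer that is being parsed. If so, each must be checked
  against the destination size (leaving room for a terminator) and against
  the number of bytes actually received before either copy runs; this report
  does not show whether the caller does that.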
    memcpy(password, buf+2+nlen, plen);
data/crossfire-1.71.0+dfsg1/socket/request.c:2024:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF], password[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/request.c:2145:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF], password[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/request.c:2248:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF], password[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/request.c:2429:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
        memcpy(&pl->socket, ns, sizeof(socket_struct));
data/crossfire-1.71.0+dfsg1/socket/request.c:2455:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF], password[MAX_BUF], *choices[MAX_CHOICES];
data/crossfire-1.71.0+dfsg1/socket/request.c:2615:35:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                        int val = atoi(value);
data/crossfire-1.71.0+dfsg1/socket/request.c:2824:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char old[MAX_BUF], change[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:201:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:447:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:461:10:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    fp = fopen(buf, "r");
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:488:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:52:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char newmap_name[HUGE_BUF], *cp;
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:90:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:112:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[150];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:372:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[HUGE_BUF], *compat, *final;
data/crossfire-1.71.0+dfsg1/test/unit/common/check_living.c:62:18:  [2] (buffer) char:
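  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged declaration is a const array of pointers to
  string literals, not a writable character buffer, so this hit is a likely
  false positive of the lexical char[] rule. The same pattern appears at
  check_treasure.c:76, check_treasure.c:78 and bwp.c:69.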
    static const char *archs[ARCHS] = { "pl_dragon", "pl_half_orc", "human_player" };
data/crossfire-1.71.0+dfsg1/test/unit/common/check_loader.c:96:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char expect[10000];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_object.c:865:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char err[50];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_path.c:49:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char res[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_path.c:56:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_path.c:66:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char res[HUGE_BUF];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_treasure.c:76:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *treasurelists[NUM_TREASURE_LISTS] = {"monk_class_items",
data/crossfire-1.71.0+dfsg1/test/unit/common/check_treasure.c:78:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char *items[NUM_TREASURE_LISTS][100] = { {
data/crossfire-1.71.0+dfsg1/test/unit/common/check_utils.c:50:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmp[256];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_utils.c:51:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char *array[64];
data/crossfire-1.71.0+dfsg1/test/unit/common/check_utils.c:103:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char init[MAX_BUF], replaced[MAX_BUF];
data/crossfire-1.71.0+dfsg1/test/unit/server/check_account.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char longname[MAX_NAME+3];
data/crossfire-1.71.0+dfsg1/test/unit/server/check_account.c:98:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char names[50];
data/crossfire-1.71.0+dfsg1/test/unit/server/check_account.c:130:9:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
        sprintf(names,"char-%02d", j);
data/crossfire-1.71.0+dfsg1/test/unit/server/check_account_char.c:55:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/test/unit/server/check_account_char.c:67:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pl->maplevel, "test map");
data/crossfire-1.71.0+dfsg1/test/unit/server/comet_perf.c:123:28:  [2] (buffer) char:
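  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Reviewer note: the flagged line is a function signature. Its array
  parameters are int and decay to pointers, and no fixed-size char buffer is
  declared here, so this hit is a likely false positive.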
static void check_hp(const char *test, int hp_row[TEST_MAP_SIZE], int hp_diag[TEST_MAP_SIZE]) {
data/crossfire-1.71.0+dfsg1/types/book/book.c:99:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char desc[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/clock/clock.c:53:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char buf1[128];
data/crossfire-1.71.0+dfsg1/types/converter/converter.c:166:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/exit/exit.c:164:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/food/food.c:75:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/food/food.c:89:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/food/food.c:106:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/food/food.c:241:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];            /* tmp. string buffer */
data/crossfire-1.71.0+dfsg1/types/identify_altar/identify_altar.c:53:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char desc[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/lighter/lighter.c:65:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char item_name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/potion/potion.c:168:13:  [2] (buffer) memcpy:
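  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Reviewer note: the length is sizeof the source member and both operands are
  the resist member. If force and potion are the same struct type, the sizes
  match and this hit is a false positive; confirm the types.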
            memcpy(force->resist, potion->resist, sizeof(potion->resist));
data/crossfire-1.71.0+dfsg1/types/potion/potion.c:177:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/savebed/savebed.c:92:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
    strcpy(pl->contr->killer, "left");
data/crossfire-1.71.0+dfsg1/types/shop_inventory/shop_inventory.c:92:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/skillscroll/skillscroll.c:58:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/spellbook/spellbook.c:69:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char level[100];
data/crossfire-1.71.0+dfsg1/types/spellbook/spellbook.c:99:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/transport/transport.c:61:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name_op[MAX_BUF], name_old[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/transport/transport.c:166:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            p_limit = atoi(kv);
data/crossfire-1.71.0+dfsg1/types/transport/transport.c:218:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            int wsr = atoi(kv);
data/crossfire-1.71.0+dfsg1/types/treasure/treasure.c:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[MAX_BUF];
data/crossfire-1.71.0+dfsg1/types/weapon_improver/weapon_improver.c:253:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char buf[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/bwp.c:69:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
const char *const flag_names[NUM_FLAGS+1] = {
data/crossfire-1.71.0+dfsg1/utils/bwp.c:152:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(name, "rb");
data/crossfire-1.71.0+dfsg1/utils/bwp.c:374:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char image_list_path[128];
data/crossfire-1.71.0+dfsg1/utils/bwp.c:375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char wikifile[128];
data/crossfire-1.71.0+dfsg1/utils/bwp.c:409:18:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    image_list = fopen(image_list_path, "w");
data/crossfire-1.71.0+dfsg1/utils/bwp.c:432:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *key[16] = { NULL, };
data/crossfire-1.71.0+dfsg1/utils/bwp.c:433:19:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            const char *val[16] = { NULL, };
data/crossfire-1.71.0+dfsg1/utils/bwp.c:434:13:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
            char buf[16][MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/bwp.c:457:22:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
                fp = fopen(wikifile, "w");
data/crossfire-1.71.0+dfsg1/utils/bwp.c:463:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char letterindex[256] = "";
data/crossfire-1.71.0+dfsg1/utils/bwp.c:464:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                char letterindexnext[7];
data/crossfire-1.71.0+dfsg1/utils/bwp.c:471:25:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                        sprintf(letterindexnext, "%c ", toupper(li));
data/crossfire-1.71.0+dfsg1/utils/bwp.c:473:25:  [2] (buffer) sprintf:
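  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  Note (triage): assuming the destination is the char letterindexnext[7]
  reported at bwp.c:464, the format "[[%c]] " produces six characters plus the
  terminating NUL, so the write fits with no spare byte; snprintf with
  sizeof(letterindexnext) would keep it bounded if the format is ever changed.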
                        sprintf(letterindexnext, "[[%c]] ", toupper(li));
data/crossfire-1.71.0+dfsg1/utils/bwp.c:481:17:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
                sprintf(buf[keycount], "%c", toupper(letter));
data/crossfire-1.71.0+dfsg1/utils/bwp.c:564:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char rowtext[32];
data/crossfire-1.71.0+dfsg1/utils/bwp.c:645:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf[keycount], "%li", at->clone.stats.exp);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:648:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf[keycount], "%i", at->clone.stats.hp);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:651:13:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
            sprintf(buf[keycount], "%i", at->clone.stats.ac);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:360:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char root[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:867:40:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                    sint32 elevation = atoi(selevation);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:942:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(name, "rb");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1063:9:  [2] (buffer) strcat:
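  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
  Note (triage): a constant source only bounds how many bytes each call
  appends; whether result still has room depends on its size and current
  length, which this line does not show, so the destination needs to be
  checked in the surrounding code before the finding is dismissed.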
        strcat(result, "../");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1326:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1327:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char description[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1343:17:  [2] (buffer) memcpy:
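  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  Note (triage): the length expression subtracts (end-start+3), so start and
  end presumably point into the same string; if so, source and destination may
  overlap, which memcpy does not permit, and memmove is the call to use. The
  same statement is reported again at mapper.c:1375.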
                memcpy(start, end+4, strlen(map->lore)-(end-start+3));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1375:17:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
                memcpy(start, end+4, strlen(map->lore)-(end-start+3));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1400:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1401:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mappath[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1402:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mainmappath[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1403:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char questid[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1451:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(path, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1723:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char entry[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1866:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char exit_path[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1867:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char tmppath[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1868:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char picpath[MAX_BUF], smallpicpath[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1986:21:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
                    char ep[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2085:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen(picpath, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2092:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen(smallpicpath, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2134:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mappath[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2135:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char maphtml[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2136:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char count[50];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2137:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char lettercount[50];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2141:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char str_letter[2];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2143:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char index_path[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2160:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&idx_vars[1], vars, sizeof(char *)*basevalues);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2164:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
    memcpy(&idx_values[1], values, sizeof(char *)*basevalues);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2221:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(maphtml, ".html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2265:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char html[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2275:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(html, ".html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2282:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(html, ".html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2283:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    index = fopen(html, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2308:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char index_path[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2317:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(index_path, "/maps.html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2318:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    index = fopen(index_path, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2332:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char count[10];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2335:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2358:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(file, "/regions.html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2359:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(file, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2375:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char file[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2379:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mapleft[10], maptop[10], mapright[10], mapbottom[10];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2382:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[100];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2383:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mappath[500], mapraw[500], mapregion[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2398:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(file, "/world.html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2420:19:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            out = fopen(mappath, "rb");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2465:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(file, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2471:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(mappath, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2485:52:  [2] (buffer) char:
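  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  Note (triage): the token matched at column 52 is the cast (unsigned char *),
  not an array declaration, so the statically-sized-array rule does not apply
  to this line; the same holds for the hits at mapper.c:2486 and mapper.c:2491.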
        gdImageString(small, font, x, y, (unsigned char *)regions[region]->reg->name, color);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2486:50:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        gdImageString(pic, font, x, y, (unsigned char *)regions[region]->reg->name, color);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2491:54:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        gdImageString(infomap, font, x, y, (unsigned char *)regions[region]->reg->name, color);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2495:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(mappath, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2501:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(mappath, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2524:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char htmlpath[500];         /* Map file path. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2525:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mappic[500];           /* Name of map's full size picture. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2526:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mapsmallpic[500];      /* Name of map's small size picture. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2527:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char indexpath[500];        /* Relative path of full index. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2528:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char regionpath[500];       /* Path to region's filename. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2529:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char regionname[500];       /* Name of map's region. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2530:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char regionindexpath[500];  /* Path to region index file. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2531:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char worldmappath[500];     /* Path to world map. */
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2532:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char exit_path[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2533:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char maplevel[5], minmonster[5], maxmonster[5];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2535:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char questpath[500], questtemp[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2560:9:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
        strcat(exit_path, ".html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2587:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char relative[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2596:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(relative, ".html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2614:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
        char relative[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2623:13:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
            strcat(relative, ".html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2675:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(htmlpath, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2710:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2866:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char picpath[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2898:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char picpath[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2978:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen(picpath, "rb");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2996:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
        out = fopen(picpath, "rb");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3011:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(picpath, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3016:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(picpath, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3052:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3053:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char mappath[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3058:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strlevel[10];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3059:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char strcount[10];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3116:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(name, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3130:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3138:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(name, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3163:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char name[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3171:11:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    out = fopen(name, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3221:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[1024], full[1024];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3264:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[1024];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3268:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    dump = fopen(path, "w+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3287:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3296:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3318:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3329:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3337:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3415:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3424:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3454:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3462:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3490:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[MAX_BUF];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3496:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    file = fopen(path, "wb+");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3560:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char path[500];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3572:25:  [2] (integer) atoi:
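  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). atoi also gives
  no error indication for non-numeric or out-of-range text; strtol with an
  endptr and errno check allows map_limit to be validated before use.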
            map_limit = atoi(argv[arg]+7);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3578:32:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
                jpeg_quality = atoi(argv[arg]+5);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3609:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
            tileset = atoi(argv[arg]+9);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3616:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(root, "html");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3627:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char dummy[502];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3630:5:  [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant string.
    strcat(dummy, "/a");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3648:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char max[50];
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3737:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
        strcpy(max, "(none)");
data/crossfire-1.71.0+dfsg1/common/anim.c:72:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(buf) == 0)
data/crossfire-1.71.0+dfsg1/common/anim.c:75:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf[strlen(buf)-1] = '\0';
data/crossfire-1.71.0+dfsg1/common/arch.c:163:5:  [1] (buffer) strncpy:
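  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). With a count of MAX_BUF-1 the result is
  terminated only if tmpname holds at least MAX_BUF bytes and its last byte
  is set to \0 separately; this listing shows neither, so confirm it in the
  surrounding code, since the strlen(tmpname) two lines later relies on it.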
    strncpy(tmpname, name, MAX_BUF-1);
data/crossfire-1.71.0+dfsg1/common/arch.c:165:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = strlen(tmpname); i > 0; i--) {
data/crossfire-1.71.0+dfsg1/common/arch.c:423:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cp = argument+strlen(argument)-1;
data/crossfire-1.71.0+dfsg1/common/artifact.c:521:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            while (*(cp+strlen(cp)-1) == ' ')
data/crossfire-1.71.0+dfsg1/common/artifact.c:522:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                cp[strlen(cp)-1] = '\0';
data/crossfire-1.71.0+dfsg1/common/dialog.c:172:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            tmplen += strlen(current)+2;
data/crossfire-1.71.0+dfsg1/common/dialog.c:180:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(tmp, current, tmplen-strlen(tmp)-1);
data/crossfire-1.71.0+dfsg1/common/dialog.c:180:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(tmp, current, tmplen-strlen(tmp)-1);
data/crossfire-1.71.0+dfsg1/common/dialog.c:181:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
            strncat(tmp, "\n", tmplen-strlen(tmp)-1);
data/crossfire-1.71.0+dfsg1/common/dialog.c:181:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(tmp, "\n", tmplen-strlen(tmp)-1);
data/crossfire-1.71.0+dfsg1/common/holy.c:359:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(retbuf, ")");                                       \
data/crossfire-1.71.0+dfsg1/common/holy.c:374:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(retbuf, ")");                                       \
data/crossfire-1.71.0+dfsg1/common/image.c:141:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cp[strlen(cp)-1] = '\0'; /* remove newline */
data/crossfire-1.71.0+dfsg1/common/image.c:156:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            cp[strlen(cp)-1] = '\0';
data/crossfire-1.71.0+dfsg1/common/image.c:244:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        for (l = 0; l < strlen(p); l++) {
data/crossfire-1.71.0+dfsg1/common/image.c:528:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (cp[strlen(cp) - 1] == '\n')
data/crossfire-1.71.0+dfsg1/common/image.c:529:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                cp[strlen(cp) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/common/init.c:165:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                tmpbuf[strlen(tmpbuf)-1] = 0; /* kill newline */
data/crossfire-1.71.0+dfsg1/common/item.c:562:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len += strlen(buf+len);
data/crossfire-1.71.0+dfsg1/common/item.c:587:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            len += strlen(buf+len);
data/crossfire-1.71.0+dfsg1/common/item.c:608:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(buf+len);
data/crossfire-1.71.0+dfsg1/common/item.c:697:9:  [1] (buffer) strncpy:
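  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string. The copy is \0-terminated only when size is at least 7
  (the six characters of the source plus the terminator), unless the code
  that follows terminates buf itself.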
        strncpy(buf, "(null)", size);
data/crossfire-1.71.0+dfsg1/common/item.c:702:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(buf, op->name, size); /* To speed things up (or make things slower?) */
data/crossfire-1.71.0+dfsg1/common/item.c:709:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/crossfire-1.71.0+dfsg1/common/item.c:731:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                len += strlen(buf+len);
data/crossfire-1.71.0+dfsg1/common/item.c:755:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(buf+strlen(buf), size-strlen(buf), " %+d", op->magic);
data/crossfire-1.71.0+dfsg1/common/item.c:755:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(buf+strlen(buf), size-strlen(buf), " %+d", op->magic);
data/crossfire-1.71.0+dfsg1/common/languages.c:199:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                line[strlen(line)-1] = '\0'; /* erase the final newline that messes things. */
data/crossfire-1.71.0+dfsg1/common/living.c:2529:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncasecmp(cp, int_bonus_names[i], strlen(int_bonus_names[i]))) {
data/crossfire-1.71.0+dfsg1/common/living.c:2539:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (!strncasecmp(cp, float_bonus_names[i], strlen(float_bonus_names[i]))) {
data/crossfire-1.71.0+dfsg1/common/los.c:603:9:  [1] (buffer) strncat:
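  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. The bound sizeof(buf)-strlen(buf)-1 is
  the correct remaining-space form only if buf is an array in this scope; if
  buf is a pointer, sizeof(buf) is the pointer size and the bound is wrong.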
        strncat(buf, buf2, sizeof(buf)-strlen(buf)-1);
data/crossfire-1.71.0+dfsg1/common/los.c:603:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(buf, buf2, sizeof(buf)-strlen(buf)-1);
data/crossfire-1.71.0+dfsg1/common/los.c:610:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(buf, buf2, sizeof(buf)-strlen(buf)-1);
data/crossfire-1.71.0+dfsg1/common/los.c:610:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strncat(buf, buf2, sizeof(buf)-strlen(buf)-1);
data/crossfire-1.71.0+dfsg1/common/map.c:170:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    t = buf+strlen(buf);
data/crossfire-1.71.0+dfsg1/common/map.c:972:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(output_string+strlen(output_string), size-strlen(output_string), "%s", tmp);
data/crossfire-1.71.0+dfsg1/common/map.c:972:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(output_string+strlen(output_string), size-strlen(output_string), "%s", tmp);
data/crossfire-1.71.0+dfsg1/common/map.c:976:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(output_string) > 0) {
data/crossfire-1.71.0+dfsg1/common/map.c:977:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        output_string[strlen(output_string) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/common/map.c:1057:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    msgpos += strlen(buf);
data/crossfire-1.71.0+dfsg1/common/map.c:1079:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    maplorepos += strlen(buf);
data/crossfire-1.71.0+dfsg1/common/object.c:4549:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (!strncasecmp(cp, bname_s, strlen(cp)))
data/crossfire-1.71.0+dfsg1/common/object.c:4551:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        else if (!strncasecmp(cp, bname_p, strlen(cp)))
data/crossfire-1.71.0+dfsg1/common/path.c:109:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            q = p+strlen(p);
data/crossfire-1.71.0+dfsg1/common/porting.c:297:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    char *c = (char *)malloc(strlen(str)+1);
data/crossfire-1.71.0+dfsg1/common/porting.c:453:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(find);
data/crossfire-1.71.0+dfsg1/common/readable.c:681:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "%s", tbuf);
data/crossfire-1.71.0+dfsg1/common/readable.c:681:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "%s", tbuf);
data/crossfire-1.71.0+dfsg1/common/readable.c:684:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), " and ");
data/crossfire-1.71.0+dfsg1/common/readable.c:684:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), " and ");
data/crossfire-1.71.0+dfsg1/common/readable.c:686:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), ", ");
data/crossfire-1.71.0+dfsg1/common/readable.c:686:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), ", ");
data/crossfire-1.71.0+dfsg1/common/readable.c:688:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), ".");
data/crossfire-1.71.0+dfsg1/common/readable.c:688:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), ".");
data/crossfire-1.71.0+dfsg1/common/readable.c:752:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    if (strlen(msgbuf) > BOOK_BUF) {
data/crossfire-1.71.0+dfsg1/common/readable.c:769:25:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                        strcat(msgbuf, "\n");
data/crossfire-1.71.0+dfsg1/common/readable.c:788:17:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
                strcpy(msgbuf, " ");  /* reset msgbuf for new message */
data/crossfire-1.71.0+dfsg1/common/readable.c:900:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (sscanf(buf, "level %d%n", &value, &len) == 1 && len == (int)strlen(buf)) {
data/crossfire-1.71.0+dfsg1/common/readable.c:902:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (sscanf(buf, "type %d%n", &value, &len) == 1 && len == (int)strlen(buf)) {
data/crossfire-1.71.0+dfsg1/common/readable.c:904:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (sscanf(buf, "size %d%n", &value, &len) == 1 && len == (int)strlen(buf)) {
data/crossfire-1.71.0+dfsg1/common/readable.c:906:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (sscanf(buf, "index %d%n", &value, &len) == 1 && len == (int)strlen(buf)) {
data/crossfire-1.71.0+dfsg1/common/readable.c:1035:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    length = strlen(book->msg);
data/crossfire-1.71.0+dfsg1/common/readable.c:1114:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (msgtype < 0 || strlen(op->msg) < 5)
data/crossfire-1.71.0+dfsg1/common/readable.c:1194:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    t->size = strlen(book->msg);
data/crossfire-1.71.0+dfsg1/common/readable.c:1244:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(book->msg) > 5 && (t = find_title(book, msgtype))) {
data/crossfire-1.71.0+dfsg1/common/readable.c:1324:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        } else if (book->title && strlen(book->msg) > 5) { /* archive if long msg texts */
data/crossfire-1.71.0+dfsg1/common/readable.c:1582:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (message && !(strlen(art->item->msg) > BOOK_BUF))
data/crossfire-1.71.0+dfsg1/common/readable.c:1720:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(at->clone.name) + stringbuffer_length(buf) >= booksize)
data/crossfire-1.71.0+dfsg1/common/readable.c:1897:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (msg && strlen(msg->message) <= booksize) {
data/crossfire-1.71.0+dfsg1/common/readable.c:2016:22:  [1] (buffer) strlen:
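  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the argument here is the string literal "\n", which is always
  \0-terminated, so this hit can be closed as a false positive.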
    book_buf_size -= strlen("\n"); /* Keep enough for final \n. */
data/crossfire-1.71.0+dfsg1/common/recipe.c:634:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    int val = 0, len = strlen(cp), mult = numb_ingred(buf);
data/crossfire-1.71.0+dfsg1/common/recipe.c:809:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        dup = dup+strlen(dup)+1;
data/crossfire-1.71.0+dfsg1/common/region.c:451:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    msgpos += strlen(key);
data/crossfire-1.71.0+dfsg1/common/shstr.c:105:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    ss = (shared_string *)malloc(sizeof(shared_string)-PADDING+strlen(str)+1);
data/crossfire-1.71.0+dfsg1/common/shstr.c:328:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:328:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:330:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:330:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:332:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:332:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:334:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:334:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:336:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:336:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    snprintf(buf+strlen(buf), size-strlen(buf), "%s", line);
data/crossfire-1.71.0+dfsg1/common/shstr.c:402:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len1 = strlen(buf1);
data/crossfire-1.71.0+dfsg1/common/shstr.c:404:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len2 = strlen(buf2);
data/crossfire-1.71.0+dfsg1/common/stringbuffer.c:98:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(str);
data/crossfire-1.71.0+dfsg1/common/treasure.c:1305:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    op->value *= ((op->level > 10 ? op->level : (op->level+1)/2)*((strlen(op->msg)/250)+1));
data/crossfire-1.71.0+dfsg1/common/utils.c:335:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buf) < sizeof("\n")) {
data/crossfire-1.71.0+dfsg1/common/utils.c:338:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strcmp(buf+strlen(buf)-EOL_SIZE, "\n"))
data/crossfire-1.71.0+dfsg1/common/utils.c:339:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buf[strlen(buf)-EOL_SIZE] = '\0';
data/crossfire-1.71.0+dfsg1/common/utils.c:357:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    keylen = strlen(key);
data/crossfire-1.71.0+dfsg1/common/utils.c:363:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            resultlen += strlen(result+resultlen);
data/crossfire-1.71.0+dfsg1/common/utils.c:391:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!input || strlen(input) > MAX_BUF-5)
data/crossfire-1.71.0+dfsg1/common/utils.c:395:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(tmp, input, MAX_BUF-5);
data/crossfire-1.71.0+dfsg1/common/utils.c:397:14:  [1] (buffer) strlen:
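  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the more concrete problem on this line is the order of the
  loop condition. tmp[i] is read before i >= 0 is tested, so when tmp holds
  no alphanumeric character the read at index -1 happens before the loop
  stops (and if i is an unsigned type, which is not visible here, the test
  never fails at all). Check for i >= 0 first, and pass
  (unsigned char)tmp[i] to isalnum.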
    for (i = strlen(tmp); !isalnum(tmp[i]) && i >= 0; i--)
data/crossfire-1.71.0+dfsg1/common/utils.c:399:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(tmp, ".");
data/crossfire-1.71.0+dfsg1/include/define.h:822:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dest+*curlen, orig, maxlen-*curlen-1);
data/crossfire-1.71.0+dfsg1/include/define.h:824:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    *curlen += strlen(orig);
data/crossfire-1.71.0+dfsg1/include/global.h:286:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define NAMLEN(dirent) strlen((dirent)->d_name)
data/crossfire-1.71.0+dfsg1/include/win32.h:135:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define NAMLEN(dirent) strlen((dirent)->d_name)
data/crossfire-1.71.0+dfsg1/include/xdir.h:10:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define NAMLEN(dirent) strlen((dirent)d->name)
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:608:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer[strlen(buffer)-strlen("\n")] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:608:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer[strlen(buffer)-strlen("\n")] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:609:23:  [1] (buffer) strlen:
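  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: unlike the loops reported at cfanim.c:685 and :687, this
  condition has no strlen(buffer) > 0 guard. If buffer is empty when the
  loop is reached, or becomes empty through the trimming on line 610,
  strlen(buffer)-1 wraps around and the index is outside the array; the
  emptiness test on line 611 comes after the loop.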
        while (buffer[strlen(buffer)-1] == ' ')
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:610:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buffer[strlen(buffer)-1] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:611:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(buffer) <= 0)
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:677:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strcmp(&buffer[strlen(buffer)-strlen("\n")], "\n"))
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:677:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strcmp(&buffer[strlen(buffer)-strlen("\n")], "\n"))
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:678:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer[strlen(buffer)-strlen("\n")] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:678:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        buffer[strlen(buffer)-strlen("\n")] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:685:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while ((strlen(*variable) > 0) && ((*variable)[strlen(*variable)-1] == ' '))
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:685:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while ((strlen(*variable) > 0) && ((*variable)[strlen(*variable)-1] == ' '))
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:686:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (*variable)[strlen(*variable)-1] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:687:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while ((strlen(*value) > 0) && ((*value)[strlen(*value)-1] == ' '))
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:687:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while ((strlen(*value) > 0) && ((*value)[strlen(*value)-1] == ' '))
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:688:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        (*value)[strlen(*value)-1] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:868:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (value[strlen(value)-1] == '"')
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:869:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    value[strlen(value)-1] = '\0';
data/crossfire-1.71.0+dfsg1/plugins/cfanim/cfanim.c:1013:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (strncmp(&buffer[1], animationitem, strlen(animationitem))) {
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:211:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size -= strlen(buffer)-1;
data/crossfire-1.71.0+dfsg1/plugins/cfnewspaper/cfnewspaper.c:212:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer += strlen(buffer);
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:527:39:  [1] (buffer) strlen:
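  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: message[strlen(message)] is by definition the terminating
  \0, so the comparison with '\n' on this line can never be true. This looks
  like an off-by-one (strlen(message)-1 was probably intended, with an
  empty-string check) rather than an over-read.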
    if ((message != NULL) && (message[strlen(message)] == '\n'))
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:641:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(message) >= sizeof(buf) - 1)
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython.c:1591:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(context->options, "");
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cfpython_object.c:2226:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(message) >= sizeof(buf) - 1)
data/crossfire-1.71.0+dfsg1/plugins/cfpython/cjson.c:1284:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    jsondata.end = jsondata.str+strlen(jsondata.str);
data/crossfire-1.71.0+dfsg1/plugins/cfrhg/cfrhg.c:133:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(r)-1;
data/crossfire-1.71.0+dfsg1/plugins/common/plugin_common.c:493:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cfapiObject_change_exp(&type, op, exp, skill_name && strlen(skill_name) > 0 ? skill_name : NULL, flag);
data/crossfire-1.71.0+dfsg1/plugins/template/plugin_template.c:283:5:  [1] (buffer) strncpy:
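  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the bound is the full size of the destination, so a source of
  that length or longer is copied without a terminating \0. Confirm that the
  code after this call writes the terminator (not visible in this excerpt),
  or bound the copy to sizeof - 1. The same call shape is reported at
  exit.c:337, random_map.c:133, wall.c:252 and build_map.c:348, :635, :642
  and :717.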
    strncpy(context->options, context->event->name, sizeof(context->options));
data/crossfire-1.71.0+dfsg1/random_maps/exit.c:337:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(new_map->path, RP->final_map, sizeof(new_map->path));
data/crossfire-1.71.0+dfsg1/random_maps/random_map.c:133:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(theMap->path, OutFileName, sizeof(theMap->path));
data/crossfire-1.71.0+dfsg1/random_maps/special.c:347:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(hole.final_map, "");
data/crossfire-1.71.0+dfsg1/random_maps/special.c:348:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(hole.exit_on_final_map, "");
data/crossfire-1.71.0+dfsg1/random_maps/special.c:349:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(hole.this_map, "");
data/crossfire-1.71.0+dfsg1/random_maps/style.c:184:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (stylename && strlen(stylename) > 0) {
data/crossfire-1.71.0+dfsg1/random_maps/wall.c:252:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(wall_name, the_wall->arch->name, sizeof(wall_name));
data/crossfire-1.71.0+dfsg1/server/attack.c:1793:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(op->contr->killer, hitter->name, BIG_NAME);
data/crossfire-1.71.0+dfsg1/server/ban.c:91:13:  [1] (buffer) strncpy:
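  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the bound num1 is a variable, not the size of log_buf. How
  num1 is computed is not visible in this excerpt; confirm that it is
  checked against sizeof(log_buf) and that log_buf is terminated after the
  copy, since strncpy adds no \0 when the source has at least num1 bytes.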
            strncpy(log_buf, line_buf, num1);
data/crossfire-1.71.0+dfsg1/server/ban.c:95:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(host_buf, indexpos+1, sizeof(host_buf)-1);
data/crossfire-1.71.0+dfsg1/server/build_map.c:348:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(archetype, wall->arch->name, sizeof(archetype));
data/crossfire-1.71.0+dfsg1/server/build_map.c:364:29:  [1] (buffer) strlen:
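  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: archetype is filled by strncpy(..., sizeof(archetype)) on
  line 348, which leaves it unterminated when the name fills the array.
  Unless the lines in between (not shown) terminate it, this strlen can run
  past the array, and a length of sizeof(archetype)-1 or more makes the
  subtraction go below zero; the result appears to be the len passed as the
  strncat bound on lines 379-447.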
    len = sizeof(archetype)-strlen(archetype)-2;
data/crossfire-1.71.0+dfsg1/server/build_map.c:379:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
        strncat(archetype, "0", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:383:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "1_3", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:387:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "1_4", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:392:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
            strncat(archetype, "win2", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:394:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
            strncat(archetype, "2_1_2", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:399:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "1_2", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:403:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "2_2_4", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:407:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "2_2_1", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:411:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "3_1", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:415:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "1_1", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:419:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "2_2_3", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:423:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "2_2_2", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:427:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "3_3", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:432:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
            strncat(archetype, "win1", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:434:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
            strncat(archetype, "2_1_1", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:439:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "3_4", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:443:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(archetype, "3_2", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:447:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant character.
        strncat(archetype, "4", len);
data/crossfire-1.71.0+dfsg1/server/build_map.c:635:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(current_basename, current_wall->arch->name, sizeof(current_basename));
data/crossfire-1.71.0+dfsg1/server/build_map.c:642:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(new_basename, new_wall->arch->name, sizeof(new_basename));
data/crossfire-1.71.0+dfsg1/server/build_map.c:717:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(archetype, current_wall->arch->name, sizeof(archetype));
data/crossfire-1.71.0+dfsg1/server/c_chat.c:246:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(name) == 0) {
data/crossfire-1.71.0+dfsg1/server/c_misc.c:59:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(m->path) <= 18)
data/crossfire-1.71.0+dfsg1/server/c_misc.c:62:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            strcpy(map_path, m->path+strlen(m->path)-18);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:581:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (i = 0; i <= strlen(format); i++) {
data/crossfire-1.71.0+dfsg1/server/c_misc.c:587:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(outbuf, " "); /* allow '_' to be used in place of spaces */
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1135:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    t = buf+strlen(buf);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1255:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(buf, " ");
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1258:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat(buf, ",");
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1260:17:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
                strcat(buf, ".");
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1581:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(line, " ");
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1630:9:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
        strcat(line, " ");
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1703:19:  [1] (buffer) strlen:
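  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  [Reviewer note: separately from termination, strlen(line)-1 wraps in
  size_t arithmetic when line is empty; whether an earlier check excludes
  the empty case is not visible in this report. The same expression is
  flagged at c_misc.c:1770.]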
            len = strlen(line)-1;
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1770:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(line)-1;
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1886:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    unsigned int pwd_len = strlen(op->contr->write_buf);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:1953:13:  [1] (buffer) strncpy:
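  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  [Reviewer note: the bound here is the literal 13, while login.c:567 in
  this report copies into a password field with the literal 15. The declared
  size of the field is not shown, so check both literals against it and
  confirm the destination is terminated after the copy.]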
            strncpy(op->contr->password, op->contr->new_password, 13);
data/crossfire-1.71.0+dfsg1/server/c_misc.c:2009:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(params) >= MAX_NAME) {
data/crossfire-1.71.0+dfsg1/server/c_new.c:90:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    cp = command+strlen(command)-1;
data/crossfire-1.71.0+dfsg1/server/c_object.c:1988:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if ((int)strlen(params) >= MAX_BUF) {
data/crossfire-1.71.0+dfsg1/server/c_object.c:2112:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            for (counter = 0; counter < strlen(buf); counter++) {
data/crossfire-1.71.0+dfsg1/server/c_object.c:2135:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strlen(params)) {
data/crossfire-1.71.0+dfsg1/server/c_object.c:2155:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen(buf)) {
data/crossfire-1.71.0+dfsg1/server/c_object.c:2206:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (*params == '\0' || strlen(params) == 0) {
data/crossfire-1.71.0+dfsg1/server/c_object.c:2263:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    with = with+strlen(" with ");
data/crossfire-1.71.0+dfsg1/server/c_party.c:249:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(params) > 8) {
data/crossfire-1.71.0+dfsg1/server/c_range.c:90:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && (*params == '\0' || !strncmp(params, spell->name, strlen(params)))) {
data/crossfire-1.71.0+dfsg1/server/c_range.c:130:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(tmp, spell_sort[i], strlen(tmp))) {
data/crossfire-1.71.0+dfsg1/server/c_range.c:137:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                 tmp, (int)(12-strlen(tmp)), "              ");
data/crossfire-1.71.0+dfsg1/server/c_range.c:162:5:  [1] (buffer) strncpy:
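  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  [Reviewer note: the bound is the full sizeof(cpy), so a params string of
  that length or longer leaves cpy without a terminator. The strlen(cpy) hit
  at c_range.c:186 depends on cpy being terminated; the lines in between are
  not shown, so verify that cpy[sizeof(cpy)-1] is set to '\0'. The same
  pattern is flagged at c_wiz.c:975.]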
    strncpy(cpy, params, sizeof(cpy));
data/crossfire-1.71.0+dfsg1/server/c_range.c:186:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (strlen(cpy) > strlen(spob->name)) {
data/crossfire-1.71.0+dfsg1/server/c_range.c:186:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (strlen(cpy) > strlen(spob->name)) {
data/crossfire-1.71.0+dfsg1/server/c_range.c:187:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                cp = cpy+strlen(spob->name);
data/crossfire-1.71.0+dfsg1/server/c_range.c:224:21:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                    strncpy(op->contr->spellparam, cp, MAX_BUF);
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:975:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(cpy, params, sizeof(cpy));
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:979:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    endline = bp+strlen(bp);
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1041:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    bp2 = cp+strlen(spell_name)+1;
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1583:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    || (strlen(params) > MAX_BUF)
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:1822:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp("full-reset", confirmation, strlen("full-reset"))) {
data/crossfire-1.71.0+dfsg1/server/c_wiz.c:2177:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    spell_name_length = strlen(spell_name);
data/crossfire-1.71.0+dfsg1/server/gods.c:54:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t nmlen = strlen(name);
data/crossfire-1.71.0+dfsg1/server/gods.c:59:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncmp(name, gl->name, MIN(strlen(gl->name), nmlen)))
data/crossfire-1.71.0+dfsg1/server/hiscore.c:123:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(sc->name, tmp[0], BIG_NAME);
data/crossfire-1.71.0+dfsg1/server/hiscore.c:126:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(sc->title, tmp[1], BIG_NAME);
data/crossfire-1.71.0+dfsg1/server/hiscore.c:131:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(sc->killer, tmp[3], BIG_NAME);
data/crossfire-1.71.0+dfsg1/server/hiscore.c:134:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(sc->maplevel, tmp[4], BIG_NAME);
data/crossfire-1.71.0+dfsg1/server/hiscore.c:330:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(new_score.name, op->name, BIG_NAME);
data/crossfire-1.71.0+dfsg1/server/hiscore.c:333:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(new_score.killer, op->contr->killer, BIG_NAME);
data/crossfire-1.71.0+dfsg1/server/hiscore.c:341:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(new_score.maplevel, op->map->name ? op->map->name : op->map->path, BIG_NAME-1);
data/crossfire-1.71.0+dfsg1/server/init.c:1445:27:  [1] (buffer) strlen:
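  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  [Reviewer note: the quoted loop starts at the last character and
  decrements cp1 with no lower bound in its condition. If cp can be empty or
  consist only of spaces and newlines, cp1 would move before cp unless a
  guard exists outside the quoted line.]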
            for (cp1 = cp+strlen(cp)-1; *cp1 == '\n' || *cp1 == ' '; cp1--) {
data/crossfire-1.71.0+dfsg1/server/init.c:1451:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (cp[strlen(cp)-1] == '\n')
data/crossfire-1.71.0+dfsg1/server/init.c:1452:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                cp[strlen(cp)-1] = '\0';
data/crossfire-1.71.0+dfsg1/server/knowledge.c:386:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(name, inv->name, sizeof(name));
data/crossfire-1.71.0+dfsg1/server/knowledge.c:753:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strncmp(check->item, dup, strlen(dup)) == 0) {
data/crossfire-1.71.0+dfsg1/server/knowledge.c:785:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    letter = strlen(buf);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:786:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buf+letter, code, MAX_BUF-letter);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:787:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    for (; letter < strlen(buf); letter++) {
data/crossfire-1.71.0+dfsg1/server/knowledge.c:906:26:  [1] (buffer) read:
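  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  [Reviewer note: the quoted line declares a local array named `read`; it
  is not a call to read(). This hit and the following `read` hits in
  knowledge.c through line 936 match on the identifier name, and the quoted
  fgets call bounds its write with sizeof(read). Triage them as name matches
  rather than as unbounded reads.]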
    char final[MAX_BUF], read[MAX_BUF], *dot;
data/crossfire-1.71.0+dfsg1/server/knowledge.c:918:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (fgets(read, sizeof(read), file) != NULL) {
data/crossfire-1.71.0+dfsg1/server/knowledge.c:918:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (fgets(read, sizeof(read), file) != NULL) {
data/crossfire-1.71.0+dfsg1/server/knowledge.c:919:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(read) > 0)
data/crossfire-1.71.0+dfsg1/server/knowledge.c:919:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (strlen(read) > 0)
data/crossfire-1.71.0+dfsg1/server/knowledge.c:920:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/knowledge.c:920:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/knowledge.c:920:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/knowledge.c:922:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        dot = strchr(read, ':');
data/crossfire-1.71.0+dfsg1/server/knowledge.c:930:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        type = knowledge_find(read);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:932:71:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            LOG(llevError, "knowledge: invalid type %s in file %s\n", read, final);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:936:79:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            LOG(llevDebug, "knowledge: ignoring now invalid %s in file %s\n", read, final);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:998:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    copy = calloc(1, strlen(marker) + 1);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:999:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(copy, marker, strlen(marker) + 1);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:999:27:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(copy, marker, strlen(marker) + 1);
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1282:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(knowledge) >= MAX_BUF - 1) {
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1474:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size = 4 + (2 + strlen(item->handler->type)) + (2 + strlen(title)) + 4;
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1474:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size = 4 + (2 + strlen(item->handler->type)) + (2 + strlen(title)) + 4;
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1483:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen16Data(&sl, item->handler->type, strlen(item->handler->type));
data/crossfire-1.71.0+dfsg1/server/knowledge.c:1486:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen16Data(&sl, title, strlen(title));
data/crossfire-1.71.0+dfsg1/server/login.c:115:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(buf) >= sizeof(buf)-1) {
data/crossfire-1.71.0+dfsg1/server/login.c:131:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf[strlen(buf)-1] = 0; /* remove newline */
data/crossfire-1.71.0+dfsg1/server/login.c:170:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(name) >= MAX_NAME) {
data/crossfire-1.71.0+dfsg1/server/login.c:567:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(pl->password, buf, 15);
data/crossfire-1.71.0+dfsg1/server/login.c:607:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        val_string = bufall + strlen(buf) +1;
data/crossfire-1.71.0+dfsg1/server/login.c:718:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(party_password, val_string, sizeof(party_password));
data/crossfire-1.71.0+dfsg1/server/login.c:745:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(pl->title, op->arch->clone.name, sizeof(pl->title)-1);
data/crossfire-1.71.0+dfsg1/server/monster.c:348:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (talked && strlen(talked) > 0) {
data/crossfire-1.71.0+dfsg1/server/party.c:349:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(party->party_kills[pos].killer, killer, MAX_NAME);
data/crossfire-1.71.0+dfsg1/server/party.c:350:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(party->party_kills[pos].dead, dead, MAX_NAME);
data/crossfire-1.71.0+dfsg1/server/player.c:65:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size_t namelen = strlen(plname);
data/crossfire-1.71.0+dfsg1/server/player.c:82:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(pl->ob->name) < namelen)
data/crossfire-1.71.0+dfsg1/server/player.c:147:9:  [1] (buffer) strncat:
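  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
  [Reviewer note: strncat's third argument counts characters appended, not
  including the terminator it then writes. If motd is HUGE_BUF bytes and
  motd+size points at its current end, a bound of HUGE_BUF-size allows the
  terminator to land one byte past the buffer. The later uses at
  player.c:181 and player.c:227 are preceded by a size+strlen(buf) >=
  HUGE_BUF check (player.c:177, 223); no such check is visible for this
  call.]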
        strncat(motd+size, buf, HUGE_BUF-size);
data/crossfire-1.71.0+dfsg1/server/player.c:148:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size += strlen(buf);
data/crossfire-1.71.0+dfsg1/server/player.c:177:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (size+strlen(buf) >= HUGE_BUF) {
data/crossfire-1.71.0+dfsg1/server/player.c:181:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(rules+size, buf, HUGE_BUF-size);
data/crossfire-1.71.0+dfsg1/server/player.c:182:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size += strlen(buf);
data/crossfire-1.71.0+dfsg1/server/player.c:223:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (size+strlen(buf) >= HUGE_BUF) {
data/crossfire-1.71.0+dfsg1/server/player.c:227:13:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
            strncat(news+size, buf, HUGE_BUF-size);
data/crossfire-1.71.0+dfsg1/server/player.c:228:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size += strlen(buf);
data/crossfire-1.71.0+dfsg1/server/player.c:361:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(p->title, op->arch->clone.name, sizeof(p->title)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:1350:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(op->contr->title, op->arch->clone.name, sizeof(op->contr->title)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:1591:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(mp->path, buf, strlen(buf)))
data/crossfire-1.71.0+dfsg1/server/player.c:3230:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(buf2, "                 R.I.P.\n\n", len);
data/crossfire-1.71.0+dfsg1/server/player.c:3235:5:  [1] (buffer) strncat:
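  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
  [Reviewer note: 20-strlen(buf)/2 is evaluated in size_t, so once
  strlen(buf)/2 exceeds 20 it wraps to a very large value and only the
  20-character constant limits what is appended. Whether buf2 has room for
  that is not visible here. The same expression recurs at player.c:3241,
  3245 and 3249.]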
    strncat(buf2, "                    ",  20-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3235:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(buf2, "                    ",  20-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3236:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:3236:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:3241:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
    strncat(buf2, "                    ", 20-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3241:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(buf2, "                    ", 20-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3242:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:3242:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:3245:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
        strncat(buf2, "                    ",  21-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3245:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(buf2, "                    ",  21-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3246:9:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:3246:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:3249:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
    strncat(buf2, "                    ",  20-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3249:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(buf2, "                    ",  20-strlen(buf)/2);
data/crossfire-1.71.0+dfsg1/server/player.c:3250:5:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
    strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:3250:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncat(buf2, buf, len-strlen(buf2)-1);
data/crossfire-1.71.0+dfsg1/server/player.c:4360:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(buf, ".");
data/crossfire-1.71.0+dfsg1/server/plugins.c:788:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(buffer, final, length - 1);
data/crossfire-1.71.0+dfsg1/server/plugins.c:2382:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(rbuffer, op->face->name, rbufsize);
data/crossfire-1.71.0+dfsg1/server/plugins.c:2393:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(rbuffer, animations[op->animation_id].name, rbufsize);
data/crossfire-1.71.0+dfsg1/server/plugins.c:2529:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    size = strlen(msg);
data/crossfire-1.71.0+dfsg1/server/plugins.c:3120:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(op->contr->savebed_map, sarg, MAX_BUF);
data/crossfire-1.71.0+dfsg1/server/plugins.c:3278:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(desc, final, size);
data/crossfire-1.71.0+dfsg1/server/plugins.c:3864:5:  [1] (buffer) strncpy:
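  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  [Reviewer note: the bound is derived from the source (strlen(final) - 1),
  not from the size of buffer, so it does not limit the write to the
  destination. It also wraps if final is empty. Together with the next
  flagged line, buffer[strlen(final)] = '\0', the byte at index
  strlen(final)-1 is not written by either statement. Compare
  plugins.c:788, which bounds the copy with length - 1.]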
    strncpy(buffer, final, strlen(final) - 1);
data/crossfire-1.71.0+dfsg1/server/plugins.c:3864:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strncpy(buffer, final, strlen(final) - 1);
data/crossfire-1.71.0+dfsg1/server/plugins.c:3865:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    buffer[strlen(final)] = '\0';
data/crossfire-1.71.0+dfsg1/server/plugins.c:4105:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncmp(name, str, strlen(str)))
data/crossfire-1.71.0+dfsg1/server/plugins.c:4107:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncmp(tmp->name, str, strlen(str)))
data/crossfire-1.71.0+dfsg1/server/plugins.c:4792:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        l = strlen(currentfile->d_name);
data/crossfire-1.71.0+dfsg1/server/plugins.c:4793:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (l > strlen(PLUGIN_SUFFIX)) {
data/crossfire-1.71.0+dfsg1/server/plugins.c:4797:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (strcmp(currentfile->d_name+l-strlen(PLUGIN_SUFFIX), PLUGIN_SUFFIX) != 0)
data/crossfire-1.71.0+dfsg1/server/plugins.c:4806:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strncmp(disable->name, currentfile->d_name, strlen(disable->name)) == 0 && strlen(currentfile->d_name) == strlen(PLUGIN_SUFFIX) + strlen(disable->name)) {
data/crossfire-1.71.0+dfsg1/server/plugins.c:4806:96:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strncmp(disable->name, currentfile->d_name, strlen(disable->name)) == 0 && strlen(currentfile->d_name) == strlen(PLUGIN_SUFFIX) + strlen(disable->name)) {
data/crossfire-1.71.0+dfsg1/server/plugins.c:4806:127:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strncmp(disable->name, currentfile->d_name, strlen(disable->name)) == 0 && strlen(currentfile->d_name) == strlen(PLUGIN_SUFFIX) + strlen(disable->name)) {
data/crossfire-1.71.0+dfsg1/server/plugins.c:4806:151:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strncmp(disable->name, currentfile->d_name, strlen(disable->name)) == 0 && strlen(currentfile->d_name) == strlen(PLUGIN_SUFFIX) + strlen(disable->name)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:175:26:  [1] (buffer) read:
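  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage note: on this line `read` is the name of a local char array, not a
  call to read(); the rule matched the identifier. The same holds for the
  other quest.c `read` hits that follow. The array is filled at quest.c:187
  by fgets(read, sizeof(read), file), which is bounded by the array size.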
    char final[MAX_BUF], read[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:187:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (fgets(read, sizeof(read), file) != NULL) {
data/crossfire-1.71.0+dfsg1/server/quest.c:187:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (fgets(read, sizeof(read), file) != NULL) {
data/crossfire-1.71.0+dfsg1/server/quest.c:189:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "end_setwhen\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:206:24:  [1] (buffer) read:
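  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage note: the point to check here is the destination, not `read`. The
  `%s` conversion has no field width, so the write into namedquest is limited
  only by the length of the line held in read (up to MAX_BUF-1 characters).
  The declaration of namedquest is not shown in this report; confirm it is at
  least MAX_BUF bytes, or give the conversion an explicit width. The same
  applies to the sscanf calls at quest.c:207, 210 and 214.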
            if (sscanf(read, "%s %d-%d\n", namedquest, &minstep, &maxstep)!=3) {
data/crossfire-1.71.0+dfsg1/server/quest.c:207:28:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                if (sscanf(read, "%s <=%d\n", namedquest, &maxstep)== 2) {
data/crossfire-1.71.0+dfsg1/server/quest.c:210:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                } else if (sscanf(read, "%s %d\n", namedquest, &minstep)==2) {
data/crossfire-1.71.0+dfsg1/server/quest.c:213:35:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                } else if (strstr(read, "finished")) {
data/crossfire-1.71.0+dfsg1/server/quest.c:214:32:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    if (sscanf(read, "%s finished\n", namedquest)==1) {
data/crossfire-1.71.0+dfsg1/server/quest.c:222:83:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                LOG(llevError, "Invalid line '%s' in setwhen block for quest %s", read, quest->quest_code);
data/crossfire-1.71.0+dfsg1/server/quest.c:237:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "end_description\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:251:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            stringbuffer_append_string(buf, read);
data/crossfire-1.71.0+dfsg1/server/quest.c:256:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "end_step\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:261:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "finishes_quest\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:265:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "description\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:270:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "setwhen\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:275:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                    read, quest->quest_code, filename);
data/crossfire-1.71.0+dfsg1/server/quest.c:280:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "end_description\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:293:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            stringbuffer_append_string(buf, read);
data/crossfire-1.71.0+dfsg1/server/quest.c:298:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "end_quest\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:304:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strcmp(read, "description\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:310:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strncmp(read, "title ", 6) == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:311:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:311:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:311:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:316:24:  [1] (buffer) read:
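  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  Triage note: the sscanf result is tested for truth instead of being compared
  with 1. sscanf returns EOF, which is non-zero, when the input ends before
  the first conversion (for example a line holding only "step"), so the branch
  can be taken without this call having written i. Comparing with `== 1`
  avoids that; quest.c:325, 376, 490, 504 and 531 use the same pattern.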
            if (sscanf(read, "step %d\n", &i)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:325:24:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (sscanf(read, "restart %d\n", &i)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:329:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strncmp(read, "parent ", 7) == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:330:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:330:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:330:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:341:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            if (strncmp(read, "face ", 5) == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:343:17:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:343:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:343:29:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
                read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:354:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (read[0] == '#')
data/crossfire-1.71.0+dfsg1/server/quest.c:357:21:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (strncmp(read, "quest ", 6) == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:359:13:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:359:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:359:25:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            read[strlen(read) - 1] = '\0';
data/crossfire-1.71.0+dfsg1/server/quest.c:376:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (sscanf(read, "include %s\n", includefile)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:389:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (strcmp(read, "\n") == 0)
data/crossfire-1.71.0+dfsg1/server/quest.c:392:112:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        LOG(llevError, "quest: invalid file format for %s, I don't know what to do with the line %s\n", final, read);
data/crossfire-1.71.0+dfsg1/server/quest.c:472:26:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    char final[MAX_BUF], read[MAX_BUF], data[MAX_BUF];
data/crossfire-1.71.0+dfsg1/server/quest.c:489:18:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (fgets(read, sizeof(read), file) != NULL) {
data/crossfire-1.71.0+dfsg1/server/quest.c:489:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    while (fgets(read, sizeof(read), file) != NULL) {
data/crossfire-1.71.0+dfsg1/server/quest.c:490:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (sscanf(read, "quest %s\n", data)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:504:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (sscanf(read, "state %d\n", &state)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:516:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (strcmp(read, "end_quest\n") == 0) {
data/crossfire-1.71.0+dfsg1/server/quest.c:531:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        if (sscanf(read, "completed %d\n", &state)) {
data/crossfire-1.71.0+dfsg1/server/quest.c:536:66:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
        LOG(llevError, "quest: invalid line in %s: %s\n", final, read);
data/crossfire-1.71.0+dfsg1/server/quest.c:792:60:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen16Data(&sl, quest->quest_title, strlen(quest->quest_title));
data/crossfire-1.71.0+dfsg1/server/quest.c:802:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen16Data(&sl, step->step_description, strlen(step->step_description));
data/crossfire-1.71.0+dfsg1/server/quest.c:1281:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = 2 + (2 + strlen(quest->quest_title)) + 4 + 1 + (2 + (step != NULL ? strlen(step->step_description) : 0));
data/crossfire-1.71.0+dfsg1/server/quest.c:1281:84:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        size = 2 + (2 + strlen(quest->quest_title)) + 4 + 1 + (2 + (step != NULL ? strlen(step->step_description) : 0));
data/crossfire-1.71.0+dfsg1/server/quest.c:1290:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddLen16Data(&sl, quest->quest_title, strlen(quest->quest_title));
data/crossfire-1.71.0+dfsg1/server/quest.c:1298:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen16Data(&sl, step->step_description, strlen(step->step_description));
data/crossfire-1.71.0+dfsg1/server/server.c:113:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s[0] = c[RANDOM()%(int)strlen(c)],
data/crossfire-1.71.0+dfsg1/server/server.c:114:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        s[1] = c[RANDOM()%(int)strlen(c)];
data/crossfire-1.71.0+dfsg1/server/server.c:139:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(crypted) == 0) {
data/crossfire-1.71.0+dfsg1/server/server.c:140:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(typed) == 0 ? 1 : 0;
data/crossfire-1.71.0+dfsg1/server/server.c:427:28:  [1] (buffer) strlen:
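  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the index strlen(buf)-1 wraps around when buf is empty, which
  also happens once line 428 has stripped every character of an all-digit
  string, so buf is then read out of range. Whether buf can reach that state
  is not visible here; a length-greater-than-zero guard in the loop condition
  covers it. isdigit() on a plain char that may be negative is undefined, so
  the argument should be cast to unsigned char.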
        while (isdigit(buf[strlen(buf)-1]))
data/crossfire-1.71.0+dfsg1/server/server.c:428:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf[strlen(buf)-1] = 0;
data/crossfire-1.71.0+dfsg1/server/server.c:708:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strncmp(op->contr->maplevel, settings.localdir, strlen(settings.localdir)))
data/crossfire-1.71.0+dfsg1/server/server.c:832:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncmp(EXIT_PATH(exit_ob), settings.localdir, strlen(settings.localdir)))
data/crossfire-1.71.0+dfsg1/server/shop.c:980:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "but you only have");
data/crossfire-1.71.0+dfsg1/server/shop.c:980:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "but you only have");
data/crossfire-1.71.0+dfsg1/server/shop.c:983:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%s", coinbuf);
data/crossfire-1.71.0+dfsg1/server/shop.c:983:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "%s", coinbuf);
data/crossfire-1.71.0+dfsg1/server/shop.c:987:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "but you don't have any money.");
data/crossfire-1.71.0+dfsg1/server/shop.c:987:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(buf+strlen(buf), sizeof(buf)-strlen(buf), "but you don't have any money.");
data/crossfire-1.71.0+dfsg1/server/shop.c:1350:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    pos += strlen(tmp+pos);
data/crossfire-1.71.0+dfsg1/server/skill_util.c:260:62:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (!strncasecmp(skill_names[i], tmp->skill, strlen(skill_names[i])) &&
data/crossfire-1.71.0+dfsg1/server/skill_util.c:261:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(tmp->skill) >= strlen(skill_names[i])) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:261:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    strlen(tmp->skill) >= strlen(skill_names[i])) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:758:75:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (inv->type == SKILL && !strncasecmp(scroll->skill, inv->skill, strlen(scroll->skill))) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:929:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && !strncasecmp(string, tmp->skill, MIN(strlen(string), strlen(tmp->skill)))) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:929:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && !strncasecmp(string, tmp->skill, MIN(strlen(string), strlen(tmp->skill)))) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:933:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && !strncasecmp(string, tmp->skill, MIN(strlen(string), strlen(tmp->skill)))) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:933:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        && !strncasecmp(string, tmp->skill, MIN(strlen(string), strlen(tmp->skill)))) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:945:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(skop->skill);
data/crossfire-1.71.0+dfsg1/server/skill_util.c:952:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len >= strlen(string)) {
data/crossfire-1.71.0+dfsg1/server/skill_util.c:958:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(string) == 0)
data/crossfire-1.71.0+dfsg1/server/skills.c:1475:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(msg);
data/crossfire-1.71.0+dfsg1/server/skills.c:1512:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        return strlen(msg);
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:1137:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(op->map->path, settings.localdir, strlen(settings.localdir))) {
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:1220:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (!strncmp(old_force->race, settings.localdir, strlen(settings.localdir)))
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:1262:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strncmp(force->name, settings.localdir, strlen(settings.localdir)))
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:2944:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                letter = strlen(buf);
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:2945:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(buf+letter, god->name, MAX_BUF-letter);
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:2946:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                for (; letter < strlen(buf); letter++)
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:3354:5:  [1] (buffer) strncpy:
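  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: strncpy writes no terminator when msg is HUGE_BUF-2 characters
  or longer, and the strcat reported at line 3356 relies on rune being
  terminated. Line 3355 is not shown in this report; confirm that it
  terminates rune at index HUGE_BUF-2 (or equivalent) and that rune is at
  least HUGE_BUF bytes.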
    strncpy(rune, msg, HUGE_BUF-2);
data/crossfire-1.71.0+dfsg1/server/spell_effect.c:3356:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(rune, "\n");
data/crossfire-1.71.0+dfsg1/server/spell_util.c:462:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (!strncmp(spob->name, spname, strlen(spname))) {
data/crossfire-1.71.0+dfsg1/server/spell_util.c:463:21:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(spname) == strlen(spob->name))
data/crossfire-1.71.0+dfsg1/server/spell_util.c:463:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                if (strlen(spname) == strlen(spob->name))
data/crossfire-1.71.0+dfsg1/server/spell_util.c:468:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            } else if (!strncmp(spob->name, spname, strlen(spob->name))) {
data/crossfire-1.71.0+dfsg1/server/win32.c:75:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filespec = malloc(strlen(dir)+2+1);
data/crossfire-1.71.0+dfsg1/server/win32.c:77:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    index = strlen(filespec)-1;
data/crossfire-1.71.0+dfsg1/server/win32.c:122:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(dp->dent.d_name, dp->fileinfo.name, _MAX_FNAME);
data/crossfire-1.71.0+dfsg1/server/win32.c:126:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    dp->dent.d_reclen = strlen(dp->dent.d_name)+sizeof(char)+sizeof(dp->dent.d_ino)+sizeof(dp->dent.d_reclen)+sizeof(dp->dent.d_off);
data/crossfire-1.71.0+dfsg1/server/win32.c:166:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    filespec = malloc(strlen(dir_Info->dir)+2+1);
data/crossfire-1.71.0+dfsg1/server/win32.c:168:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    index = strlen(filespec)-1;
data/crossfire-1.71.0+dfsg1/socket/image.c:156:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (SockList_Avail(&sl) < 2+4+1+1+strlen(new_faces[i].name)+1) {
data/crossfire-1.71.0+dfsg1/socket/image.c:171:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddLen8Data(&sl, new_faces[i].name, strlen(new_faces[i].name)+1);
data/crossfire-1.71.0+dfsg1/socket/info.c:185:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(obuf, "Range: nothing", len);
data/crossfire-1.71.0+dfsg1/socket/info.c:219:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
            strncpy(name, "none", MAX_BUF);
data/crossfire-1.71.0+dfsg1/socket/info.c:231:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
            strncpy(obuf, "Range: nothing", len);
data/crossfire-1.71.0+dfsg1/socket/info.c:245:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
        strncpy(obuf, "Range: illegal", len);
data/crossfire-1.71.0+dfsg1/socket/item.c:140:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(item_n);
data/crossfire-1.71.0+dfsg1/socket/item.c:143:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(item_n, head->custom_name, 127);
data/crossfire-1.71.0+dfsg1/socket/item.c:145:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(item_n);
data/crossfire-1.71.0+dfsg1/socket/item.c:146:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(item_p, head->custom_name, MAX_BUF);
data/crossfire-1.71.0+dfsg1/socket/item.c:148:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
    strncpy(item_n+len+1, item_p, 127);
data/crossfire-1.71.0+dfsg1/socket/item.c:151:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len += strlen(item_n+1+len)+1;
data/crossfire-1.71.0+dfsg1/socket/item.c:228:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddLen8Data(&sl, buf, MIN(strlen(buf), 255));
data/crossfire-1.71.0+dfsg1/socket/item.c:271:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                SockList_AddLen8Data(&sl, buf, MIN(strlen(buf), 255));
data/crossfire-1.71.0+dfsg1/socket/item.c:324:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddLen8Data(&sl, buf, MIN(strlen(buf), 255));
data/crossfire-1.71.0+dfsg1/socket/item.c:352:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                SockList_AddLen8Data(&sl, buf, MIN(strlen(buf), 255));
data/crossfire-1.71.0+dfsg1/socket/item.c:469:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(item_n)+1;
data/crossfire-1.71.0+dfsg1/socket/item.c:471:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len += strlen(item_n+len);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:146:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddData(sl, data, strlen(data));
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:275:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            stat = read(fd, sl->buf+sl->len, 2-sl->len);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:325:9:  [1] (buffer) read:
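  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20). On the line shown the return value of read() is
  discarded, so the number of bytes actually stored is not known at that
  point; confirm that sl->buf has room for 100 bytes past offset 2.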
        read(fd, sl->buf+2, 100);
data/crossfire-1.71.0+dfsg1/socket/lowlevel.c:336:20:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
            stat = read(fd, sl->buf+sl->len, toread);
data/crossfire-1.71.0+dfsg1/socket/request.c:190:72:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            if (sscanf(param, "%dx%d%n", &x, &y, &n) != 2 || n != (int)strlen(param)) {
data/crossfire-1.71.0+dfsg1/socket/request.c:452:5:  [1] (buffer) strncpy:
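  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). The count on the line shown is len-4, taken
  from a length variable rather than from the size of command; whether len
  is bounded against that size is not visible here and should be confirmed.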
    strncpy(command, (char *)buf+6, len-4);
data/crossfire-1.71.0+dfsg1/socket/request.c:704:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddLen8Data(&sl, New, strlen(New));\
data/crossfire-1.71.0+dfsg1/socket/request.c:857:45:  [1] (buffer) strlen:
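  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  The item.c call sites in this report pass MIN(strlen(buf), 255) as the
  same argument; no clamp is visible on this line, so confirm how
  SockList_AddLen8Data treats a longer length.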
    SockList_AddLen8Data(&sl, pl->ob->name, strlen(pl->ob->name));
data/crossfire-1.71.0+dfsg1/socket/request.c:1693:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(sl, spell->name, strlen(spell->name));
data/crossfire-1.71.0+dfsg1/socket/request.c:1698:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(spell->msg);
data/crossfire-1.71.0+dfsg1/socket/request.c:1713:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen8Data(sl, req, strlen(req));
data/crossfire-1.71.0+dfsg1/socket/request.c:1755:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size = 26+strlen(spell->name)+(spell->msg ? strlen(spell->msg) : 0);
data/crossfire-1.71.0+dfsg1/socket/request.c:1755:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            size = 26+strlen(spell->name)+(spell->msg ? strlen(spell->msg) : 0);
data/crossfire-1.71.0+dfsg1/socket/request.c:1759:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                size += 2 + (value ? strlen(value) : 0);
data/crossfire-1.71.0+dfsg1/socket/request.c:1819:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(data);
data/crossfire-1.71.0+dfsg1/socket/request.c:2177:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(password)<2) {
data/crossfire-1.71.0+dfsg1/socket/request.c:2474:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(password)<2) {
data/crossfire-1.71.0+dfsg1/socket/request.c:2497:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(password)>17)
data/crossfire-1.71.0+dfsg1/socket/request.c:2792:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((cp[strlen(choiceval)] != ' ') && (cp[strlen(choiceval)] != 0) &&
data/crossfire-1.71.0+dfsg1/socket/request.c:2792:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if ((cp[strlen(choiceval)] != ' ') && (cp[strlen(choiceval)] != 0) &&
data/crossfire-1.71.0+dfsg1/socket/request.c:2854:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(change)<2) {
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:79:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = 16+strlen(skill_names[i]); /* upper bound for length */
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:109:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = 16+strlen(spellpathnames[i]); /* upper bound for length */
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:167:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddLen8Data(sl, op->name, strlen(op->name));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:173:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddShort(sl, strlen(op->msg));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:174:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        SockList_AddData(sl, op->msg, strlen(op->msg));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:220:47:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                SockList_AddLen8Data(sl, buf, strlen(buf));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:221:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                SockList_AddLen8Data(sl, value, strlen(value));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:239:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        SockList_AddLen8Data(sl, token, strlen(token));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:241:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                             strlen(arch->clone.name));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:417:49:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen16Data(&sl, m->name, strlen(m->name));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:420:55:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            SockList_AddLen16Data(&sl, m->clone.name, strlen(m->clone.name));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:427:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                SockList_AddLen16Data(&sl, m->clone.msg, strlen(m->clone.msg));
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:500:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, buf, strlen(buf) + 1);
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:504:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, buf, strlen(buf) + 1);
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:507:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(buf);
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:513:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, buf, strlen(buf) + 1);
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:516:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, buf, strlen(buf) + 1);
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:519:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, buf, strlen(buf) + 1);
data/crossfire-1.71.0+dfsg1/socket/requestinfo.c:522:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, buf, strlen(buf) + 1);
data/crossfire-1.71.0+dfsg1/socket/sounds.c:77:39:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, action, strlen(action));
data/crossfire-1.71.0+dfsg1/socket/sounds.c:78:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    SockList_AddLen8Data(&sl, name, strlen(name));
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:97:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (isdigit(buf[strlen(buf)-1]))
data/crossfire-1.71.0+dfsg1/test/bugs/bugtrack/check_1727944.c:98:17:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            buf[strlen(buf)-1] = 0;
data/crossfire-1.71.0+dfsg1/test/unit/common/check_arch.c:131:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fail_unless(strncmp(ob->name, ARCH_SINGULARITY, strlen(ARCH_SINGULARITY)), "Searching for writing pen should NOT have returned a singularity");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_arch.c:132:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fail_unless(!strncmp(ob->name, "writing pen", strlen(ob->name)), "Searching for writing pen should have returned something with same base name but returned '%s'", ob->name);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_arch.c:135:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fail_unless(strncmp(ob->name, ARCH_SINGULARITY, strlen(ARCH_SINGULARITY)), "Searching for writing pen of hell raiser +3 should NOT have returned a singularity");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_arch.c:136:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fail_unless(!strncmp(ob->name, "writing pen of hell raiser +3", strlen(ob->name)), "Searching for writing pen of hell raiser +3 should have returned something with same base name but returned %s", ob->name);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_arch.c:139:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fail_unless(!strncmp(ob->name, ARCH_SINGULARITY, strlen(ARCH_SINGULARITY)), "Searching for %* should have returned a singularity");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_arch.c:142:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    fail_unless(!strncmp(ob->name, ARCH_SINGULARITY, strlen(ARCH_SINGULARITY)), "Searching for \"\" should have returned a singularity");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:284:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(undead)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:284:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(undead)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:286:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(see invisible)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:286:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(see invisible)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:288:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(wield weapon)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:288:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(wield weapon)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:290:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(archer)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:290:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(archer)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:292:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(wear armour)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:292:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(wear armour)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:294:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(wear ring)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:294:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(wear ring)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:296:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(read scroll)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:296:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(read scroll)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:298:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(fires wand/rod/horn)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:298:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(fires wand/rod/horn)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:300:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(skill user)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:300:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(skill user)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:302:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(spellcaster)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:302:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(spellcaster)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:304:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(friendly)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:304:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(friendly)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:306:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(unaggressive)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:306:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(unaggressive)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:308:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(hitback)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:308:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(hitback)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:310:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(stealthy)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:310:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(stealthy)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:319:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(Spell abilities:)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:319:58:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                    snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(Spell abilities:)");
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:321:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(%s)",  t->item->clone.name);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:321:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(%s)",  t->item->clone.name);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:327:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(sustenance%+d)", op->contr->digestion);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:327:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(sustenance%+d)", op->contr->digestion);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:330:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(grace%+d)", op->contr->gen_grace);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:330:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(grace%+d)", op->contr->gen_grace);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:333:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(magic%+d)", op->contr->gen_sp);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:333:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(magic%+d)", op->contr->gen_sp);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:336:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(regeneration%+d)", op->contr->gen_hp);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:336:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(regeneration%+d)", op->contr->gen_hp);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:339:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(luck%+d)", op->stats.luck);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:339:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(luck%+d)", op->stats.luck);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:344:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(retbuf);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:366:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(%s %+d)", resist_plus[i], op->resist[i]);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_item.c:366:50:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            snprintf(retbuf+strlen(retbuf), size-strlen(retbuf), "(%s %+d)", resist_plus[i], op->resist[i]);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_path.c:59:5:  [1] (buffer) strncpy:
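  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). With a count of sizeof(tmp), a source of
  that length or longer fills tmp without a terminator; check that the
  code after this line terminates it.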
    strncpy(tmp, path, sizeof(tmp));
data/crossfire-1.71.0+dfsg1/test/unit/common/check_shstr.c:65:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    temp = malloc(strlen(str1)+1);
data/crossfire-1.71.0+dfsg1/test/unit/common/check_utils.c:115:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    replace(init, "long", "really long", replaced, strlen(init) + 1);
data/crossfire-1.71.0+dfsg1/test/unit/server/check_account.c:171:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        j=strlen(char_names[i]);
data/crossfire-1.71.0+dfsg1/test/unit/server/check_shop.c:59:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
    strncpy(map->path, "test", sizeof(map->path) - 1);
data/crossfire-1.71.0+dfsg1/types/common/describe.c:53:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        len = strlen(buf);
data/crossfire-1.71.0+dfsg1/types/common/describe.c:57:13:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
            strcpy(buf+len, " ");
data/crossfire-1.71.0+dfsg1/types/common/describe.c:59:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(buf+len, desc, size-len-1);
data/crossfire-1.71.0+dfsg1/types/exit/exit.c:103:54:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strncmp(EXIT_PATH(exit), settings.localdir, strlen(settings.localdir)))
data/crossfire-1.71.0+dfsg1/types/lighter/lighter.c:104:5:  [1] (buffer) strncpy:
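  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the bound is sizeof(item_name), i.e. the whole destination
  (assuming item_name is an array; its declaration is not shown), so no byte
  is reserved for the terminator. If item->name is that long or longer,
  item_name is left unterminated unless a later line sets the last byte;
  snprintf(item_name, sizeof(item_name), "%s", item->name) would bound and
  terminate in one call.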
    strncpy(item_name, item->name, sizeof(item_name));
data/crossfire-1.71.0+dfsg1/utils/bwp.c:115:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    source = realloc(source, strlen(source)+strlen(add)+1);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:115:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    source = realloc(source, strlen(source)+strlen(add)+1);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:206:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(values[var]) > maxlen)
data/crossfire-1.71.0+dfsg1/utils/bwp.c:207:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            maxlen = strlen(values[var]);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:210:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = calloc(1, strlen(template)+maxlen*(count/2)+1);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:218:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(current_result, template, sharp-template);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:220:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(current_result, "#");
data/crossfire-1.71.0+dfsg1/utils/bwp.c:222:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            current_result = current_result+strlen(current_result);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:231:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        current_result = current_result+strlen(current_result);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:254:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (p && strlen(p) > 0) {
data/crossfire-1.71.0+dfsg1/utils/bwp.c:352:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            newtext = realloc(newtext, strlen(newtext)+strlen(", ")+1);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:352:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            newtext = realloc(newtext, strlen(newtext)+strlen(", ")+1);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:353:23:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings. Risk is low because the source is a
  constant string.
            newtext = strncat(newtext, ", ", 2);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:355:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        newtext = realloc(newtext, strlen(newtext)+strlen(array->item[i])+1);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:355:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        newtext = realloc(newtext, strlen(newtext)+strlen(array->item[i])+1);
data/crossfire-1.71.0+dfsg1/utils/bwp.c:356:19:  [1] (buffer) strncat:
  Easily used incorrectly (e.g., incorrectly computing the correct maximum
  size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
  or automatically resizing strings.
        newtext = strncat(newtext, array->item[i], strlen(array->item[i]));
data/crossfire-1.71.0+dfsg1/utils/bwp.c:356:52:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        newtext = strncat(newtext, array->item[i], strlen(array->item[i]));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:906:30:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    source = realloc(source, strlen(source)+strlen(add)+1);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:906:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    source = realloc(source, strlen(source)+strlen(add)+1);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:995:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        if (strlen(values[var]) > maxlen)
data/crossfire-1.71.0+dfsg1/utils/mapper.c:996:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
            maxlen = strlen(values[var]);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:999:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    result = calloc(1, strlen(template)+maxlen*(count/2)+1);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1007:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
        strncpy(current_result, template, sharp-template);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1009:13:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
            strcat(current_result, "#");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1012:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        current_result = current_result+strlen(current_result);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1014:83:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        while (vars[var] != NULL && (strncmp(vars[var], sharp+1, end-sharp-1) || (strlen(vars[var]) != end-sharp-1)))
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1022:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        current_result = current_result+strlen(current_result);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1066:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(result) && result[strlen(result)-1] == '/' && *to == '/')
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1066:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen(result) && result[strlen(result)-1] == '/' && *to == '/')
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1067:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        result[strlen(result)-1] = '\0';
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1261:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(add->description) && add->description[strlen(add->description)-1] == '\n')
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1261:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(add->description) && add->description[strlen(add->description)-1] == '\n')
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1262:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        add->description[strlen(add->description)-1] = '\0';
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1313:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(quest->description) && quest->description[strlen(quest->description)-1] == '\n')
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1313:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    while (strlen(quest->description) && quest->description[strlen(quest->description)-1] == '\n')
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1314:28:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        quest->description[strlen(quest->description)-1] = '\0';
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1335:13:  [1] (buffer) strncpy:
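  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the count end-start-5 is a pointer difference, not the size
  of name, and strncpy adds no terminator when the source is at least that
  long. Confirm that name can hold end-start-4 bytes and is terminated
  explicitly (neither is visible here). The hits at mapper.c:1340, 1367,
  1372 and 2010 use the same pointer-difference count.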
            strncpy(name, start+5, end-start-5);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1340:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(description, next, end-next);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1343:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memcpy(start, end+4, strlen(map->lore)-(end-start+3));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1367:13:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
            strncpy(name, start+7, end-start-7);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1372:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(description, next, end-next);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:1375:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                memcpy(start, end+4, strlen(map->lore)-(end-start+3));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2003:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                if (!start && strncmp(item->msg, "final_map", strlen("final_map")) == 0)
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2009:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                                    start += strlen("final_map")+2;
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2010:37:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                                    strncpy(ep, start, end-start);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2015:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
                        if (strlen(ep)) {
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2183:5:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
    strcpy(index_path, "/");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2280:5:  [1] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination
  [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
  snprintf (warning: strncat is easily misused). Risk is low because the
  source is a constant character.
    strcat(html, "/");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2483:69:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = regions[region]->sum_x*SIZE/regions[region]->sum+SIZE/2-strlen(regions[region]->reg->name)*font->w/2;
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2489:65:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        x = regions[region]->sum_x*50/regions[region]->sum+50/2-strlen(regions[region]->reg->name)*font->w/2;
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2558:9:  [1] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant character.
        strcpy(exit_path, "/");
data/crossfire-1.71.0+dfsg1/utils/mapper.c:2756:9:  [1] (buffer) strncpy:
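  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the bound is sizeof(name), the whole destination (assuming
  name is an array; its declaration is not shown), so a path of that length
  or longer leaves name unterminated unless the last byte is set afterwards.
  Bounding with sizeof(name)-1 plus an explicit terminator, or snprintf with
  "%s", removes the dependency on later code.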
        strncpy(name, tiled_map_list.maps[map]->tiled_maps.maps[0]->path, sizeof(name));
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3570:13:  [1] (buffer) strncpy:
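  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  Triage note: the source is a command-line argument and the bound is the
  literal 500 rather than the destination's size. The declaration of root is
  not shown, so confirm that root is larger than 500 bytes or is terminated
  explicitly after the copy; the hit at mapper.c:3587 copies into path with
  the same literal bound.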
            strncpy(root, argv[arg]+6, 500);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3587:17:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
                strncpy(path, argv[arg]+8, 500);
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3615:10:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (!strlen(root))
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3617:14:  [1] (buffer) strlen:
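  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  Triage note: the generic over-read warning is not the main thing to check
  on this line. For an empty root, strlen(root)-1 wraps to SIZE_MAX and the
  index is out of bounds. Line 3615 tests !strlen(root) just before, but its
  body is not shown, so confirm that it exits or fills root before this line
  and line 3618 run.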
    if (root[strlen(root)-1] == '/')
data/crossfire-1.71.0+dfsg1/utils/mapper.c:3618:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
        root[strlen(root)-1] = '\0';

ANALYSIS SUMMARY:

Hits = 1784
Lines analyzed = 144040 in approximately 7.84 seconds (18374 lines/second)
Physical Source Lines of Code (SLOC) = 85135
Hits@level = [0] 1193 [1] 582 [2] 967 [3]  25 [4] 204 [5]   6
Hits@level+ = [0+] 2977 [1+] 1784 [2+] 1202 [3+] 235 [4+] 210 [5+]   6
Hits/KSLOC@level+ = [0+] 34.968 [1+] 20.955 [2+] 14.1188 [3+] 2.76032 [4+] 2.46667 [5+] 0.0704763
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.