Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/hatari-2.2.1+dfsg/tests/serial/midi_ser.c
Examining data/hatari-2.2.1+dfsg/tests/serial/scc_ser.c
Examining data/hatari-2.2.1+dfsg/tests/serial/mfp_ser.c
Examining data/hatari-2.2.1+dfsg/tests/debugger/test-symbols.c
Examining data/hatari-2.2.1+dfsg/tests/debugger/test-dummies.c
Examining data/hatari-2.2.1+dfsg/tests/debugger/test-evaluate.c
Examining data/hatari-2.2.1+dfsg/tests/debugger/test-breakcond.c
Examining data/hatari-2.2.1+dfsg/tests/natfeats/natfeats.h
Examining data/hatari-2.2.1+dfsg/tests/natfeats/natfeats.c
Examining data/hatari-2.2.1+dfsg/tests/cpu/int_test.c
Examining data/hatari-2.2.1+dfsg/tests/keymap/keytest.c
Examining data/hatari-2.2.1+dfsg/tests/keymap/listkeys.c
Examining data/hatari-2.2.1+dfsg/tests/keymap/checkkeys.c
Examining data/hatari-2.2.1+dfsg/tests/tosboot/disk/common.h
Examining data/hatari-2.2.1+dfsg/tests/tosboot/disk/common.c
Examining data/hatari-2.2.1+dfsg/tests/tosboot/disk/gemdos.c
Examining data/hatari-2.2.1+dfsg/tests/tosboot/disk/minimal.c
Examining data/hatari-2.2.1+dfsg/src/m68000.c
Examining data/hatari-2.2.1+dfsg/src/gui-osx/CreateFloppyController.h
Examining data/hatari-2.2.1+dfsg/src/gui-osx/SDLMain.h
Examining data/hatari-2.2.1+dfsg/src/gui-osx/Shared.h
Examining data/hatari-2.2.1+dfsg/src/gui-osx/AlertHooks.h
Examining data/hatari-2.2.1+dfsg/src/gui-osx/PrefsController.h
Examining data/hatari-2.2.1+dfsg/src/cfgopts.c
Examining data/hatari-2.2.1+dfsg/src/ncr5380.c
Examining data/hatari-2.2.1+dfsg/src/control.c
Examining data/hatari-2.2.1+dfsg/src/avi_record.c
Examining data/hatari-2.2.1+dfsg/src/ioMem.c
Examining data/hatari-2.2.1+dfsg/src/floppy_stx.c
Examining data/hatari-2.2.1+dfsg/src/joy.c
Examining data/hatari-2.2.1+dfsg/src/xbios.c
Examining data/hatari-2.2.1+dfsg/src/unzip.c
Examining data/hatari-2.2.1+dfsg/src/statusbar.c
Examining data/hatari-2.2.1+dfsg/src/midi.c
Examining data/hatari-2.2.1+dfsg/src/zip.c
Examining data/hatari-2.2.1+dfsg/src/st.c
Examining data/hatari-2.2.1+dfsg/src/vdi.c
Examining data/hatari-2.2.1+dfsg/src/hd6301_cpu.h
Examining data/hatari-2.2.1+dfsg/src/createBlankImage.c
Examining data/hatari-2.2.1+dfsg/src/audio.c
Examining data/hatari-2.2.1+dfsg/src/change.c
Examining data/hatari-2.2.1+dfsg/src/stMemory.c
Examining data/hatari-2.2.1+dfsg/src/screenSnapShot.c
Examining data/hatari-2.2.1+dfsg/src/floppy.c
Examining data/hatari-2.2.1+dfsg/src/options.c
Examining data/hatari-2.2.1+dfsg/src/hdc.c
Examining data/hatari-2.2.1+dfsg/src/msa.c
Examining data/hatari-2.2.1+dfsg/src/ide.c
Examining data/hatari-2.2.1+dfsg/src/keymap.c
Examining data/hatari-2.2.1+dfsg/src/main.c
Examining data/hatari-2.2.1+dfsg/src/scandir.c
Examining data/hatari-2.2.1+dfsg/src/dim.c
Examining data/hatari-2.2.1+dfsg/src/spec512.c
Examining data/hatari-2.2.1+dfsg/src/printer.c
Examining data/hatari-2.2.1+dfsg/src/utils.c
Examining data/hatari-2.2.1+dfsg/src/gui-win/opencon.c
Examining data/hatari-2.2.1+dfsg/src/gui-win/opencon.h
Examining data/hatari-2.2.1+dfsg/src/clocks_timings.c
Examining data/hatari-2.2.1+dfsg/src/ioMemTabST.c
Examining data/hatari-2.2.1+dfsg/src/blitter.c
Examining data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c
Examining data/hatari-2.2.1+dfsg/src/cpu/cpu_prefetch.h
Examining data/hatari-2.2.1+dfsg/src/cpu/memory.c
Examining data/hatari-2.2.1+dfsg/src/cpu/memory.h
Examining data/hatari-2.2.1+dfsg/src/cpu/md-fpp.h
Examining data/hatari-2.2.1+dfsg/src/cpu/hatari-glue.h
Examining data/hatari-2.2.1+dfsg/src/cpu/savestate.h
Examining data/hatari-2.2.1+dfsg/src/cpu/custom.c
Examining data/hatari-2.2.1+dfsg/src/cpu/readcpu.c
Examining data/hatari-2.2.1+dfsg/src/cpu/debug.h
Examining data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h
Examining data/hatari-2.2.1+dfsg/src/cpu/newcpu_common.c
Examining data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c
Examining data/hatari-2.2.1+dfsg/src/cpu/hatari-glue.c
Examining data/hatari-2.2.1+dfsg/src/cpu/debug.c
Examining data/hatari-2.2.1+dfsg/src/cpu/maccess.h
Examining data/hatari-2.2.1+dfsg/src/cpu/writelog.c
Examining data/hatari-2.2.1+dfsg/src/cpu/build68k.c
Examining data/hatari-2.2.1+dfsg/src/cpu/mmu_common.h
Examining data/hatari-2.2.1+dfsg/src/cpu/events.h
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_support.c
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_fpp.c
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_midfunc_x86.c
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/exception_handler.c
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/compemu.h
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_midfunc_x86.h
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/flags_x86.h
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_prefs.c
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/codegen_x86.c
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c
Examining data/hatari-2.2.1+dfsg/src/cpu/jit/codegen_x86.h
Examining data/hatari-2.2.1+dfsg/src/cpu/machdep/m68k.h
Examining data/hatari-2.2.1+dfsg/src/cpu/machdep/m68k.c
Examining data/hatari-2.2.1+dfsg/src/cpu/machdep/rpt.h
Examining data/hatari-2.2.1+dfsg/src/cpu/fpp.c
Examining data/hatari-2.2.1+dfsg/src/cpu/fpp.h
Examining data/hatari-2.2.1+dfsg/src/cpu/newcpu.c
Examining data/hatari-2.2.1+dfsg/src/cpu/gencpu.c
Examining data/hatari-2.2.1+dfsg/src/cpu/cpummu.c
Examining data/hatari-2.2.1+dfsg/src/cpu/softfloat/softfloat_fpsp.c
Examining data/hatari-2.2.1+dfsg/src/cpu/softfloat/softfloat_decimal.c
Examining data/hatari-2.2.1+dfsg/src/cpu/softfloat/softfloat-specialize.h
Examining data/hatari-2.2.1+dfsg/src/cpu/softfloat/softfloat.h
Examining data/hatari-2.2.1+dfsg/src/cpu/softfloat/softfloat_fpsp_tables.h
Examining data/hatari-2.2.1+dfsg/src/cpu/softfloat/softfloat-macros.h
Examining data/hatari-2.2.1+dfsg/src/cpu/softfloat/softfloat.c
Examining data/hatari-2.2.1+dfsg/src/cpu/debugmem.h
Examining data/hatari-2.2.1+dfsg/src/cpu/cpummu.h
Examining data/hatari-2.2.1+dfsg/src/cpu/uae/vm.h
Examining data/hatari-2.2.1+dfsg/src/cpu/uae/string.h
Examining data/hatari-2.2.1+dfsg/src/cpu/uae/attributes.h
Examining data/hatari-2.2.1+dfsg/src/cpu/uae/likely.h
Examining data/hatari-2.2.1+dfsg/src/cpu/uae/types.h
Examining data/hatari-2.2.1+dfsg/src/cpu/uae/time.h
Examining data/hatari-2.2.1+dfsg/src/cpu/events.c
Examining data/hatari-2.2.1+dfsg/src/cpu/compat.h
Examining data/hatari-2.2.1+dfsg/src/cpu/custom.h
Examining data/hatari-2.2.1+dfsg/src/cpu/cpummu030.h
Examining data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h
Examining data/hatari-2.2.1+dfsg/src/cpu/readcpu.h
Examining data/hatari-2.2.1+dfsg/src/cpu/newcpu.h
Examining data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c
Examining data/hatari-2.2.1+dfsg/src/cpu/sysconfig.h
Examining data/hatari-2.2.1+dfsg/src/ioMemTabFalcon.c
Examining data/hatari-2.2.1+dfsg/src/paths.c
Examining data/hatari-2.2.1+dfsg/src/wavFormat.c
Examining data/hatari-2.2.1+dfsg/src/rs232.c
Examining data/hatari-2.2.1+dfsg/src/ioMemTabSTE.c
Examining data/hatari-2.2.1+dfsg/src/rtc.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgNewDisk.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHalt.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMemory.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAbout.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFloppy.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMain.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgCpu.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/font10x16.h
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgSystem.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHardDisk.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgJoystick.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAlert.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgRom.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgKeyboard.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgSound.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c
Examining data/hatari-2.2.1+dfsg/src/gui-sdl/font5x8.h
Examining data/hatari-2.2.1+dfsg/src/configuration.c
Examining data/hatari-2.2.1+dfsg/src/fdc.c
Examining data/hatari-2.2.1+dfsg/src/dmaSnd.c
Examining data/hatari-2.2.1+dfsg/src/debug/debugui.h
Examining data/hatari-2.2.1+dfsg/src/debug/console.c
Examining data/hatari-2.2.1+dfsg/src/debug/debugdsp.h
Examining data/hatari-2.2.1+dfsg/src/debug/breakcond.h
Examining data/hatari-2.2.1+dfsg/src/debug/debugui.c
Examining data/hatari-2.2.1+dfsg/src/debug/debug_priv.h
Examining data/hatari-2.2.1+dfsg/src/debug/symbols.c
Examining data/hatari-2.2.1+dfsg/src/debug/symbols.h
Examining data/hatari-2.2.1+dfsg/src/debug/debugInfo.h
Examining data/hatari-2.2.1+dfsg/src/debug/breakcond.c
Examining data/hatari-2.2.1+dfsg/src/debug/a.out.h
Examining data/hatari-2.2.1+dfsg/src/debug/68kDisass.c
Examining data/hatari-2.2.1+dfsg/src/debug/log.c
Examining data/hatari-2.2.1+dfsg/src/debug/debugcpu.h
Examining data/hatari-2.2.1+dfsg/src/debug/debugcpu.c
Examining data/hatari-2.2.1+dfsg/src/debug/profile.c
Examining data/hatari-2.2.1+dfsg/src/debug/profile.h
Examining data/hatari-2.2.1+dfsg/src/debug/profiledsp.c
Examining data/hatari-2.2.1+dfsg/src/debug/vars.c
Examining data/hatari-2.2.1+dfsg/src/debug/debugInfo.c
Examining data/hatari-2.2.1+dfsg/src/debug/history.h
Examining data/hatari-2.2.1+dfsg/src/debug/evaluate.c
Examining data/hatari-2.2.1+dfsg/src/debug/profilecpu.c
Examining data/hatari-2.2.1+dfsg/src/debug/evaluate.h
Examining data/hatari-2.2.1+dfsg/src/debug/vars.h
Examining data/hatari-2.2.1+dfsg/src/debug/natfeats.h
Examining data/hatari-2.2.1+dfsg/src/debug/profile_priv.h
Examining data/hatari-2.2.1+dfsg/src/debug/log.h
Examining data/hatari-2.2.1+dfsg/src/debug/natfeats.c
Examining data/hatari-2.2.1+dfsg/src/debug/history.c
Examining data/hatari-2.2.1+dfsg/src/debug/68kDisass.h
Examining data/hatari-2.2.1+dfsg/src/debug/console.h
Examining data/hatari-2.2.1+dfsg/src/debug/debugdsp.c
Examining data/hatari-2.2.1+dfsg/src/ymFormat.c
Examining data/hatari-2.2.1+dfsg/src/falcon/nvram.h
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp_cpu.c
Examining data/hatari-2.2.1+dfsg/src/falcon/microphone.h
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp_core.c
Examining data/hatari-2.2.1+dfsg/src/falcon/nvram.c
Examining data/hatari-2.2.1+dfsg/src/falcon/videl.c
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp_cpu.h
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.h
Examining data/hatari-2.2.1+dfsg/src/falcon/microphone.c
Examining data/hatari-2.2.1+dfsg/src/falcon/videl.h
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp.h
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp.c
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c
Examining data/hatari-2.2.1+dfsg/src/falcon/crossbar.h
Examining data/hatari-2.2.1+dfsg/src/falcon/dsp_core.h
Examining data/hatari-2.2.1+dfsg/src/falcon/crossbar.c
Examining data/hatari-2.2.1+dfsg/src/resolution.c
Examining data/hatari-2.2.1+dfsg/src/file.c
Examining data/hatari-2.2.1+dfsg/src/cycInt.c
Examining data/hatari-2.2.1+dfsg/src/video.c
Examining data/hatari-2.2.1+dfsg/src/bios.c
Examining data/hatari-2.2.1+dfsg/src/str.c
Examining data/hatari-2.2.1+dfsg/src/cycles.c
Examining data/hatari-2.2.1+dfsg/src/nf_scsidrv.c
Examining data/hatari-2.2.1+dfsg/src/includes/sdlgui.h
Examining data/hatari-2.2.1+dfsg/src/includes/inffile.h
Examining data/hatari-2.2.1+dfsg/src/includes/vdi.h
Examining data/hatari-2.2.1+dfsg/src/includes/dialog.h
Examining data/hatari-2.2.1+dfsg/src/includes/dmaSnd.h
Examining data/hatari-2.2.1+dfsg/src/includes/scandir.h
Examining data/hatari-2.2.1+dfsg/src/includes/msa.h
Examining data/hatari-2.2.1+dfsg/src/includes/mfp.h
Examining data/hatari-2.2.1+dfsg/src/includes/screenConvert.h
Examining data/hatari-2.2.1+dfsg/src/includes/nf_scsidrv.h
Examining data/hatari-2.2.1+dfsg/src/includes/createBlankImage.h
Examining data/hatari-2.2.1+dfsg/src/includes/paths.h
Examining data/hatari-2.2.1+dfsg/src/includes/rtc.h
Examining data/hatari-2.2.1+dfsg/src/includes/st.h
Examining data/hatari-2.2.1+dfsg/src/includes/ncr5380.h
Examining data/hatari-2.2.1+dfsg/src/includes/ikbd.h
Examining data/hatari-2.2.1+dfsg/src/includes/shortcut.h
Examining data/hatari-2.2.1+dfsg/src/includes/str.h
Examining data/hatari-2.2.1+dfsg/src/includes/cycles.h
Examining data/hatari-2.2.1+dfsg/src/includes/bios.h
Examining data/hatari-2.2.1+dfsg/src/includes/sound.h
Examining data/hatari-2.2.1+dfsg/src/includes/ym2149_fixed_vol.h
Examining data/hatari-2.2.1+dfsg/src/includes/version.h
Examining data/hatari-2.2.1+dfsg/src/includes/xbios.h
Examining data/hatari-2.2.1+dfsg/src/includes/blitter.h
Examining data/hatari-2.2.1+dfsg/src/includes/audio.h
Examining data/hatari-2.2.1+dfsg/src/includes/change.h
Examining data/hatari-2.2.1+dfsg/src/includes/psg.h
Examining data/hatari-2.2.1+dfsg/src/includes/floppy.h
Examining data/hatari-2.2.1+dfsg/src/includes/pixel_convert.h
Examining data/hatari-2.2.1+dfsg/src/includes/acia.h
Examining data/hatari-2.2.1+dfsg/src/includes/statusbar.h
Examining data/hatari-2.2.1+dfsg/src/includes/tos.h
Examining data/hatari-2.2.1+dfsg/src/includes/keymap.h
Examining data/hatari-2.2.1+dfsg/src/includes/stMemory.h
Examining data/hatari-2.2.1+dfsg/src/includes/ide.h
Examining data/hatari-2.2.1+dfsg/src/includes/control.h
Examining data/hatari-2.2.1+dfsg/src/includes/fdc.h
Examining data/hatari-2.2.1+dfsg/src/includes/options.h
Examining data/hatari-2.2.1+dfsg/src/includes/gemdos.h
Examining data/hatari-2.2.1+dfsg/src/includes/cfgopts.h
Examining data/hatari-2.2.1+dfsg/src/includes/cycInt.h
Examining data/hatari-2.2.1+dfsg/src/includes/floppy_ipf.h
Examining data/hatari-2.2.1+dfsg/src/includes/gemdos_defines.h
Examining data/hatari-2.2.1+dfsg/src/includes/avi_record.h
Examining data/hatari-2.2.1+dfsg/src/includes/memorySnapShot.h
Examining data/hatari-2.2.1+dfsg/src/includes/rs232.h
Examining data/hatari-2.2.1+dfsg/src/includes/zip.h
Examining data/hatari-2.2.1+dfsg/src/includes/printer.h
Examining data/hatari-2.2.1+dfsg/src/includes/midi.h
Examining data/hatari-2.2.1+dfsg/src/includes/spec512.h
Examining data/hatari-2.2.1+dfsg/src/includes/utils.h
Examining data/hatari-2.2.1+dfsg/src/includes/floppy_stx.h
Examining data/hatari-2.2.1+dfsg/src/includes/clocks_timings.h
Examining data/hatari-2.2.1+dfsg/src/includes/wavFormat.h
Examining data/hatari-2.2.1+dfsg/src/includes/screenSnapShot.h
Examining data/hatari-2.2.1+dfsg/src/includes/scc.h
Examining data/hatari-2.2.1+dfsg/src/includes/resolution.h
Examining data/hatari-2.2.1+dfsg/src/includes/hdc.h
Examining data/hatari-2.2.1+dfsg/src/includes/video.h
Examining data/hatari-2.2.1+dfsg/src/includes/ioMemTables.h
Examining data/hatari-2.2.1+dfsg/src/includes/screen.h
Examining data/hatari-2.2.1+dfsg/src/includes/ioMem.h
Examining data/hatari-2.2.1+dfsg/src/includes/configuration.h
Examining data/hatari-2.2.1+dfsg/src/includes/m68000.h
Examining data/hatari-2.2.1+dfsg/src/includes/ymFormat.h
Examining data/hatari-2.2.1+dfsg/src/includes/main.h
Examining data/hatari-2.2.1+dfsg/src/includes/file.h
Examining data/hatari-2.2.1+dfsg/src/includes/vs-fix.h
Examining data/hatari-2.2.1+dfsg/src/includes/joy.h
Examining data/hatari-2.2.1+dfsg/src/includes/unzip.h
Examining data/hatari-2.2.1+dfsg/src/includes/reset.h
Examining data/hatari-2.2.1+dfsg/src/includes/cart.h
Examining data/hatari-2.2.1+dfsg/src/includes/dim.h
Examining data/hatari-2.2.1+dfsg/src/reset.c
Examining data/hatari-2.2.1+dfsg/src/tos.c
Examining data/hatari-2.2.1+dfsg/src/sound.c
Examining data/hatari-2.2.1+dfsg/src/memorySnapShot.c
Examining data/hatari-2.2.1+dfsg/src/screenConvert.c
Examining data/hatari-2.2.1+dfsg/src/floppy_ipf.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/memory.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/memory.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/hatari-glue.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/savestate.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/readcpu.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/m68k.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/options_cpu.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/hatari-glue.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/maccess.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/fpp-unknown.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/build68k.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/fpp.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/sysdeps.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/readcpu.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.h
Examining data/hatari-2.2.1+dfsg/src/uae-cpu/fpp-ieee-be.h
Examining data/hatari-2.2.1+dfsg/src/hd6301_cpu.c
Examining data/hatari-2.2.1+dfsg/src/faketosData.c
Examining data/hatari-2.2.1+dfsg/src/ioMemTabTT.c
Examining data/hatari-2.2.1+dfsg/src/psg.c
Examining data/hatari-2.2.1+dfsg/src/scc.c
Examining data/hatari-2.2.1+dfsg/src/acia.c
Examining data/hatari-2.2.1+dfsg/src/ikbd.c
Examining data/hatari-2.2.1+dfsg/src/shortcut.c
Examining data/hatari-2.2.1+dfsg/src/inffile.c
Examining data/hatari-2.2.1+dfsg/src/mfp.c
Examining data/hatari-2.2.1+dfsg/src/dialog.c
Examining data/hatari-2.2.1+dfsg/src/screen.c
Examining data/hatari-2.2.1+dfsg/src/gemdos.c
Examining data/hatari-2.2.1+dfsg/src/cart.c
Examining data/hatari-2.2.1+dfsg/src/convert/med640x32.c
Examining data/hatari-2.2.1+dfsg/src/convert/low320x16_spec.c
Examining data/hatari-2.2.1+dfsg/src/convert/low320x32_spec.c
Examining data/hatari-2.2.1+dfsg/src/convert/low640x16_spec.c
Examining data/hatari-2.2.1+dfsg/src/convert/macros.h
Examining data/hatari-2.2.1+dfsg/src/convert/low640x16.c
Examining data/hatari-2.2.1+dfsg/src/convert/med640x16.c
Examining data/hatari-2.2.1+dfsg/src/convert/low640x32_spec.c
Examining data/hatari-2.2.1+dfsg/src/convert/low320x32.c
Examining data/hatari-2.2.1+dfsg/src/convert/routines.h
Examining data/hatari-2.2.1+dfsg/src/convert/med640x32_spec.c
Examining data/hatari-2.2.1+dfsg/src/convert/med640x16_spec.c
Examining data/hatari-2.2.1+dfsg/src/convert/low640x32.c
Examining data/hatari-2.2.1+dfsg/src/convert/low320x16.c
Examining data/hatari-2.2.1+dfsg/src/cartData.c
Examining data/hatari-2.2.1+dfsg/cmake/config-cmake.h
Examining data/hatari-2.2.1+dfsg/tools/debugger/gst2ascii.c
Examining data/hatari-2.2.1+dfsg/tools/hmsa/floppy.c
Examining data/hatari-2.2.1+dfsg/tools/hmsa/floppy.h
Examining data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.h
Examining data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c
FINAL RESULTS:
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:409:9: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
#define chmod posixemu_chmod
data/hatari-2.2.1+dfsg/src/gemdos.c:1980:8: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(szActualFileName, S_IRUSR|S_IRGRP|S_IROTH))
data/hatari-2.2.1+dfsg/src/gemdos.c:2576:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(sActualFileName, S_IRUSR|S_IRGRP|S_IROTH) == 0)
data/hatari-2.2.1+dfsg/src/gemdos.c:2585:7: [5] (race) chmod:
This accepts filename arguments; if an attacker can move those files, a
race condition results. (CWE-362). Use fchmod( ) instead.
if (chmod(sActualFileName, S_IWUSR|S_IRUSR|S_IRGRP|S_IROTH) == 0)
data/hatari-2.2.1+dfsg/src/gemdos.c:2673:3: [5] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings. Risk is high; the length parameter
appears to be a constant, instead of computing the number of characters
left.
strncat(path,&emudrives[Drive-2]->fs_currpath[strlen(emudrives[Drive-2]->hd_emulation_dir)], sizeof(path)-1);
data/hatari-2.2.1+dfsg/src/paths.c:157:7: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
i = readlink("/proc/self/exe", psExecDir, FILENAME_MAX-1);
data/hatari-2.2.1+dfsg/src/cfgopts.c:118:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)ptr->buf, next);
data/hatari-2.2.1+dfsg/src/change.c:49:22: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dprintf(...) printf(__VA_ARGS__)
data/hatari-2.2.1+dfsg/src/configuration.c:675:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.DiskImage.szDiskImageDirectory, psWorkingDir);
data/hatari-2.2.1+dfsg/src/configuration.c:688:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.HardDisk.szHardDiskDirectories[i], psWorkingDir);
data/hatari-2.2.1+dfsg/src/configuration.c:696:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.Acsi[i].sDeviceFile, psWorkingDir);
data/hatari-2.2.1+dfsg/src/configuration.c:703:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.Scsi[i].sDeviceFile, psWorkingDir);
data/hatari-2.2.1+dfsg/src/configuration.c:711:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.Ide[i].sDeviceFile, psWorkingDir);
data/hatari-2.2.1+dfsg/src/configuration.c:774:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ConfigureParams.Memory.szMemoryCaptureFileName, "%s%chatari.sav",
data/hatari-2.2.1+dfsg/src/configuration.c:776:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ConfigureParams.Memory.szAutoSaveFileName, "%s%cauto.sav",
data/hatari-2.2.1+dfsg/src/configuration.c:781:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ConfigureParams.Printer.szPrintToFileName, "%s%chatari.prn",
data/hatari-2.2.1+dfsg/src/configuration.c:838:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ConfigureParams.Sound.szYMCaptureFileName, "%s%chatari.wav",
data/hatari-2.2.1+dfsg/src/configuration.c:844:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ConfigureParams.Rom.szTosImageFileName, "%s%ctos.img",
data/hatari-2.2.1+dfsg/src/configuration.c:876:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ConfigureParams.Video.AviRecordFile, "%s%chatari.avi", psWorkingDir, PATHSEP);
data/hatari-2.2.1+dfsg/src/configuration.c:880:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sConfigFileName, "%s%chatari.cfg", psHomeDir, PATHSEP);
data/hatari-2.2.1+dfsg/src/configuration.c:886:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ConfigureParams.Rom.szTosImageFileName, "%stos.img", Paths_GetDataDir());
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:307:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (tmp, opstrp);
data/hatari-2.2.1+dfsg/src/cpu/compat.h:20:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define console_out printf
data/hatari-2.2.1+dfsg/src/cpu/compat.h:22:54: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define console_out_f(...) { if ( console_out_FILE ) fprintf ( console_out_FILE , __VA_ARGS__ ); else printf ( __VA_ARGS__ ); }
data/hatari-2.2.1+dfsg/src/cpu/compat.h:22:103: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define console_out_f(...) { if ( console_out_FILE ) fprintf ( console_out_FILE , __VA_ARGS__ ); else printf ( __VA_ARGS__ ); }
data/hatari-2.2.1+dfsg/src/cpu/compat.h:25:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define uae_log printf
data/hatari-2.2.1+dfsg/src/cpu/cpummu.c:46:19: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define write_log printf
data/hatari-2.2.1+dfsg/src/cpu/debug.c:342:2: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_vsntprintf (buffer, 4000 - 1, format, parms);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1300:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(extra1, _T("\t%04X %08X %s"), cs->value, cs->pc & ~1, (cs->pc & 1) ? _T("COP") : _T("CPU"));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1302:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(extra2, _T("\t%04X %08X %s"), cs->value, cs->pc & ~1, (cs->pc & 1) ? _T("COP") : _T("CPU"));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2000:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf (l2, _T("%4s %03X"), sr, r);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2003:4: [4] (format) _stprintf:
Potential format string problem (CWE-134). Make format string constant.
_stprintf (l3, longsize ? _T("%08X") : _T(" %04X"), dr->dat);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2085:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%9s "), l1l);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2087:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%9s "), l2l);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2089:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%9s "), l3l);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2091:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%9s "), l4l);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2093:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%9s "), l5l);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3342:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf (tmp, _T("%s [D]"), bank->name);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3925:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf (txt, _T("%08X %7d%c/%d = %7d%c %s%s %s %s"), (j << 16) | bankoffset, size_out, size_ext,
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3964:7: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(r->name, _T("%s"), name);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3965:7: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(r->rom_name, _T("%s"), tmp);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4009:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf (txt, _T("%08X %7u%c/%d = %7u%c %s\n"), r->start, size, size_ext,
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4862:2: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
_vsntprintf (buffer, 1000 - 1, format, parms);
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:586:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(fsout, _T("%c%s"), n ? '-' : '+', _T("inf"));
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:588:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(fsout, _T("%c%s"), n ? '-' : '+', _T("nan"));
data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c:125:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(fsout, _T("%c%s"), n ? '-' : '+', _T("inf"));
data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c:127:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(fsout, _T("%c%s"), n ? '-' : '+', _T("snan"));
data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c:129:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(fsout, _T("%c%s"), n ? '-' : '+', _T("nan"));
data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c:135:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(fsout, _T("%c%01lld.%016llde%c%04d%s%s"), n ? '-' : '+',
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:147:10: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (file, "%x: %u %s\n", &opcode, &count, name) == 3) {
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:543:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s (%d)", prefetch_word, r);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:545:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "%s (%d)", prefetch_word, r);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:551:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%d)", prefetch_word, r + 2);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:559:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%d)", prefetch_word, r + 2);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:564:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%d)", prefetch_word, r);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:579:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "(uae_u8)%s (%d)", prefetch_word, r);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:581:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "(uae_u8)%s (%d)", prefetch_word, r);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:587:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "(uae_u8)%s (%d)", prefetch_word, r + 2);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:596:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "(uae_u8)%s (%d)", prefetch_word, r + 2);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:601:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer, "%s (%d)", srcbi, r);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:1371:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (namea, "%sa", name);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:1373:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (rmw_varname, name);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2301:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (getcode, "%s (srca)", srcld);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2303:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (getcode, "(uae_s32)(uae_s16)%s (srca)", srcwd);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2391:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (putcode, "%s (srca", dstld);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2393:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (putcode, "%s (srca", dstwd);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2563:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (unsstr, usstr);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2565:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sstr, vstr);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2566:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dstr, vstr);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2567:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (vstr, value);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2569:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (dstr, dst);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2571:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sstr, src);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2574:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (udstr, usstr);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2575:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (udstr, dst);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2577:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (usstr, src);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2580:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (undstr, unsstr);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2583:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (undstr, dst);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2585:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (unsstr, src);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5826:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (out, s);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5839:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out, decodeEA (ins->smode, ins->size));
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5842:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out, decodeEA (ins->dmode, ins->size));
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5846:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out, m68k_cc[table68k[opcode].cc]);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:6102:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (fname, "cpuemu_%d%s.c", postfix, extra);
data/hatari-2.2.1+dfsg/src/cpu/hatari-glue.c:338:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf (buffer, (*bufsize) - 1, format, parms);
data/hatari-2.2.1+dfsg/src/cpu/hatari-glue.c:350:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, format, parms);
data/hatari-2.2.1+dfsg/src/cpu/jit/compemu.h:529:62: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void jit_abort(const char *format,...) __attribute__((format(printf, 1, 2))) __attribute__((__noreturn__));
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:154:17: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
comp_index+=vsprintf(lines+comp_index,format,args);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:204:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (file, "%lx: %lu %s\n", &opcode, &count, name) == 3)
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:522:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(astring,"%sa",name);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:636:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(astring,"%sa",to);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3215:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (out, s);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3228:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out, decodeEA (ins->smode, ins->size));
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3231:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (out, decodeEA (ins->dmode, ins->size));
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3461:3: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf (RETTYPE " REGPARAM2 op_%x_%d_comp_%s(uae_u32 opcode)\n{\n", opcode, postfix, tbl);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2230:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (f, "%x: %lu %s\n", &opcode, &count, name) == 3) {
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2309:6: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T(" [%s%02x]"), cached ? _T("*") : _T(""), v);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2322:6: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T(" [%s%04x]"), cached ? _T("*") : _T(""), v);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2335:6: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T(" [%s%08x]"), cached ? _T("*") : _T(""), v);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2343:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T("[%s]"), fpp_print(&fp, 0));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2350:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T("[%s]"), fpp_print(&fp, 0));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2357:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T("[%s]"), fpp_print(&fp, 0));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2370:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer + _tcslen(buffer), _T(" %s"), name);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2445:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%s,"), name);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2450:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%s%s,"), dr, mult);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2462:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("%s%s,"), dr, mult);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2503:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T("(%s%s%s,$%02x) == $%08x"), name, regstr, mult, disp8, addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2551:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf (buffer, _T("(A%d,%s) == $%08x"), reg, offtxt, addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2605:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T("#%s"), fpp_print(&fp, 0));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2613:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T("#%s"), fpp_print(&fp, 0));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2621:4: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(buffer, _T("#%s"), fpp_print(&fp, 0));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2672:3: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat (buf, buffer);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7979:3: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf (p, _T("%s%s"), (*first) ? _T("") : _T("/"), movemregs[*lastreg]);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7983:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("/%s"), movemregs[*prevreg]);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7985:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T("-%s"), movemregs[*prevreg]);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8306:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(out, parm);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8422:3: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(parms, p + 1);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8425:2: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(ins, line);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8445:3: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(ins, line);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8483:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(tmp, srcea);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8484:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(srcea, dstea);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8485:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(dstea, tmp);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8498:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(tmp, srcea);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8499:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(srcea, dstea);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8544:6: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(tmp, lookup->name);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8545:6: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(tmp + (ccp - lookup->name), ccname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8549:7: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(ins, lookup->name);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8590:5: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(tmp, srcea);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8592:5: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(srcea + 1, tmp);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8703:5: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat(p, txt);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8769:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy (instrname, lookup->friendlyname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8771:4: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy (instrname, lookup->name);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8775:5: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy (ccpt, fpccnames[extra & 0x1f]);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8796:5: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat (instrname, regs);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8798:5: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat (instrname, cname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8800:5: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat (instrname, cname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8802:5: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat (instrname, regs);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8916:5: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(instrname, _T("FMOVECR.X #0x%02x [%s],FP%d"), extra & 0x7f, fpp_print(&fp, 0), (extra >> 7) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8954:6: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy(instrname, fpuopcodes[ins]);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8961:6: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat(instrname, fpsizes[size]);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8977:7: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
_tcscat(instrname, fpsizes[size]);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9004:7: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
_stprintf(p, _T(" %s"), sname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9163:2: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
_tcscpy (instrname, lookup->name);
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:384:9: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
#define access posixemu_access
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:473:66: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
extern void write_log(const char *, ...) __attribute__ ((format (printf, 1, 2)));
data/hatari-2.2.1+dfsg/src/cpu/uae/attributes.h:27:55: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define UAE_PRINTF_FORMAT(f, a) __attribute__((format(printf, f, a)))
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:24:9: [4] (format) _sntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf snprintf
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:24:20: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _sntprintf snprintf
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:25:9: [4] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf sprintf
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:25:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
#define _stprintf sprintf
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:27:9: [4] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
#define _tcscat strcat
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:27:17: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
#define _tcscat strcat
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:30:9: [4] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
#define _tcscpy strcpy
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:30:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
#define _tcscpy strcpy
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:50:18: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define _tprintf printf
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:55:20: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsnprintf vsnprintf
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:56:9: [4] (format) _vsntprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsntprintf vsnprintf
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:56:21: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define _vsntprintf vsnprintf
data/hatari-2.2.1+dfsg/src/cpu/writelog.c:22:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (stderr, fmt, ap);
data/hatari-2.2.1+dfsg/src/cpu/writelog.c:36:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf (f, format, parms);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:383:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/DisassStructs.txt", baseDirectory);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:385:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/DisassStructs_%4.4X.txt", baseDirectory, TosVersion);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:389:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/DisassSymbols.txt", baseDirectory);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:391:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/DisassSymbols_%4.4X.txt", baseDirectory, TosVersion);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:419:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addressLabel, dse->name);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:421:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(commentBuffer, dse->comment);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:436:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(addressLabel, dse->name);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:438:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(commentBuffer, "[%s]", e->name);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:440:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commentBuffer, e->comment);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:473:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(symbolName, dse->name);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:627:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:686:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s", Disass68kRegname(ea & 0x0F));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:691:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s", Disass68kRegname(ea & 0x0F));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:700:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "(%s)", Disass68kRegname(reg | 8));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:709:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "(%s)+", Disass68kRegname(reg | 8));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:718:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "-(%s)", Disass68kRegname(reg | 8));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:728:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s(%s)", Disass68kNumber(eWord1), Disass68kRegname(reg | 8));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:758:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(regName, sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:760:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(regName, "%s", Disass68kRegname(reg | 8));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:791:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "$%lx(%s,%s.%c)", (signed char)(eWord1 & 0xFF) + opcodeAddr + 2, Disass68kSpecialRegister(REG_PC), Disass68kRegname(xn), c);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:794:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s(%s,%s.%c)", numStr, regName, Disass68kRegname(xn), c);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:799:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "$%lx(%s,%s.%c*%d)", (signed char)(eWord1 & 0xFF) + opcodeAddr + 2, Disass68kSpecialRegister(REG_PC), Disass68kRegname(xn), c, 1 << scale);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:802:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s(%s,%s.%c*%d)", numStr, regName, Disass68kRegname(xn), c, 1 << scale);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:811:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(commentBuffer+strlen(commentBuffer), "%s", symStr);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:865:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s", Disass68kNumber(bd));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:877:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf+strlen(disassbuf), "%s", Disass68kNumber(bd));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:886:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(disassbuf, sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:895:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(disassbuf, regName);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:909:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf+strlen(disassbuf), "%s.%c", Disass68kRegname(xn), c);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:912:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf+strlen(disassbuf), "%s.%c*%d", Disass68kRegname(xn), c, 1 << scale);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:931:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf+strlen(disassbuf), "%s", Disass68kNumber(od));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:955:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s.w", sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:957:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "(%s).w", sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:989:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s", sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:991:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "(%s).l", sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:996:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s", Disass68kNumber((eWord1 << 16) | eWord2));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:998:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "(%s).l", Disass68kNumber((eWord1 << 16) | eWord2));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1015:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s(%s)", sp, Disass68kSpecialRegister(REG_PC));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1017:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "$%lx(%s)", (signed short)eWord1 + *addr - 2, Disass68kSpecialRegister(REG_PC));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1020:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "$%lx(%s)", (signed short)eWord1 + *addr - 2, Disass68kSpecialRegister(REG_PC));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1023:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "%s(%s)", Disass68kNumber(eWord1),sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1056:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "#%s", sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1061:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "#%s", Disass68kNumber(eWord1));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1071:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "#%s", sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1076:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(disassbuf, "#%s", Disass68kNumber((eWord1 << 16) | eWord2));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1092:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(disassbuf, sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1118:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(disassbuf, sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1777:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(labelBuffer, "%s:", addressLabel);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1778:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(commentBuffer, "%s", cmtBuffer);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1798:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(operandBuffer, hbuf);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1812:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(operandBuffer, hbuf);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1826:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(operandBuffer, hbuf);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1907:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(operandBuffer,"%s", sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1926:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(commentBuffer, "%s ", cmtBuffer);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2035:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2040:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dbuf, sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2289:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dbuf, Disass68kSpecialRegister(REG_FPU_FPIAR));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2295:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dbuf, Disass68kSpecialRegister(REG_FPU_FPSR));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2301:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(dbuf, Disass68kSpecialRegister(REG_FPU_FPCR));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2440:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(commentBuffer, lineAStr[lineAVal]);
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:164:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define ENTERFUNC(args) { _traceIndent += 2; _spaces(); printf args ; fflush(stdout); }
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:165:37: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define EXITFUNC(args) { _spaces(); printf args ; fflush(stdout); _traceIndent -= 2; }
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:1070:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, normalized);
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:1651:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(command, "pc=$%x %c%s", addr, cut?':':' ', cut?cut:"");
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:420:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmdbuffer, command);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:74:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, path);
data/hatari-2.2.1+dfsg/src/debug/log.c:253:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(hLogFile, psFormat, argptr);
data/hatari-2.2.1+dfsg/src/debug/log.c:275:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(hLogFile, psFormat, argptr);
data/hatari-2.2.1+dfsg/src/debug/log.c:293:3: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(psTmpBuf, 2048, psFormat, argptr);
data/hatari-2.2.1+dfsg/src/debug/log.h:80:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)));
data/hatari-2.2.1+dfsg/src/debug/log.h:82:26: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
__attribute__ ((format (printf, 2, 3)));
data/hatari-2.2.1+dfsg/src/debug/log.h:214:43: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if (unlikely(LogTraceFlags & (level))) { fprintf(TraceFile, __VA_ARGS__); fflush(TraceFile); }
data/hatari-2.2.1+dfsg/src/debug/log.h:230:30: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define LOG_TRACE_PRINT(...) fprintf(TraceFile , __VA_ARGS__)
data/hatari-2.2.1+dfsg/src/falcon/dsp.c:44:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dprintf(a) printf a
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:534:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr, "%s %s", opcodes_alu[cur_inst & BITMASK(8)], parallelmove_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:554:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
offset = sprintf(str_instr2, "p:%04x %06x (%02d cyc) %-*s\n", prev_inst_pc, cur_inst, dsp_core.instr_cycle, len, str_instr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:556:12: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
offset = sprintf(str_instr2, "p:%04x %06x %06x (%02d cyc) %-*s\n", prev_inst_pc, cur_inst, read_memory(prev_inst_pc + 1), dsp_core.instr_cycle, len, str_instr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:568:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr, "%s %s", opcodes_alu[cur_inst & BITMASK(8)], parallelmove_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:590:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, cc_name[cc_mode & BITMASK(4)]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:607:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], numreg, numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:611:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], numreg, numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:615:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], numreg, numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:619:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:623:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:627:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:631:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:638:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[value], read_memory(dsp_core.pc+1));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:642:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(dest, ea_names[8], read_memory(dsp_core.pc+1));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:735:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bchg #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:751:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"y:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:753:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"x:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:756:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bchg #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:776:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bchg #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:787:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bchg #%d,%s", numbit, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:807:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bclr #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:823:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"y:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:825:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"x:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:828:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bclr #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:848:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bclr #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:859:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bclr #%d,%s", numbit, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:879:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bset #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:895:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"y:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:897:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"x:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:900:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bset #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:920:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bset #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:931:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"bset #%d,%s", numbit, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:951:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"btst #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:967:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"y:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:969:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name,"x:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:972:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"btst #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:992:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"btst #%d,%s", numbit, name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1003:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"btst #%d,%s", numbit, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1026:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"div %s,%s", registers_name[srcreg],registers_name[destreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1041:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"do %s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1068:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "y:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1070:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "x:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1073:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"do %s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1083:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"do %s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1108:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"j%s p:%s", cond_name, addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1120:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"j%s p:%s", cond_name, addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1142:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1164:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "y:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1166:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "x:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1169:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1196:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1213:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1231:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jmp p:%s", dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1243:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"js%s p:%s", cond_name, addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1255:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"js%s p:%s", cond_name, addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1277:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1299:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "y:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1301:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "x:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1304:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1331:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1348:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsclr #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1374:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1396:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "y:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1398:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "x:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1401:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1428:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1445:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1463:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsr p:%s", dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1485:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1507:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "y:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1509:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "x:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1512:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1539:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1556:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"jsset #%d,%s,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1571:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"lua %s,n%d", addr_name, numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1573:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"lua %s,r%d", addr_name, numreg);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1588:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movec %s,%s", registers_name[numreg2], registers_name[numreg1]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1591:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movec %s,%s", registers_name[numreg1], registers_name[numreg2]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1617:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "%s:$%04x", spacename, addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1618:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dstname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1621:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srcname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1622:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstname, "%s:$%04x", spacename, addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1625:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movec %s,%s", srcname, dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1636:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movec #$%02x,%s", (cur_inst>>8) & BITMASK(8), registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1665:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "#%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1667:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "%s:%s", spacename, addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1669:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dstname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1672:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srcname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1673:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstname, "%s:%s", spacename, addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1676:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movec %s,%s", srcname, dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1690:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "p:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1691:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dstname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1694:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srcname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1695:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstname, "p:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1698:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movem %s,%s", srcname, dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1713:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "p:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1714:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dstname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1717:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srcname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1718:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstname, "p:%s", addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1721:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movem %s,%s", srcname, dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1741:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(srcname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1757:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dstname, registers_name[numreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1760:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movep %s,%s", srcname, dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1780:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "p:%s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1796:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstname, "p:%s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1799:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movep %s,%s", srcname, dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1828:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "#%s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1831:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "y:%s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1833:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(srcname, "x:%s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1852:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstname, "y:%s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1854:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(dstname, "x:%s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1858:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"movep %s,%s", srcname, dstname);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1873:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"norm %s,%s", registers_name[srcreg], registers_name[destreg]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1907:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"rep %s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1926:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "y:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1928:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "x:%s",addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1931:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"rep %s", name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1938:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"rep %s", registers_name[(cur_inst>>8) & BITMASK(6)]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1979:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"t%s %s,%s %s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1987:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(str_instr,"t%s %s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2032:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name,
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2076:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name,"%s,%s #%s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2083:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name,"%s,%s y:%s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2092:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name,"%s,%s %s,y:%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2116:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name,"#%s,%s %s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2123:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name,"x:%s,%s %s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2132:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name,"%s,x:%s %s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2159:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "%s,r%d",addr_name, (cur_inst>>8) & BITMASK(3));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2166:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "%s,%s", registers_name[numreg1], registers_name[numreg2]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2171:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "#$%02x,%s", (cur_inst >> 8) & BITMASK(8), registers_name[numreg1]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2215:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "#%s,%s", addr_name, registers_lmove[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2217:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "l:%s,%s", addr_name, registers_lmove[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2221:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "%s,l:%s", registers_lmove[value], addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2242:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "#%s,%s", addr_name, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2244:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "y:%s,%s", addr_name, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2249:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "%s,y:%s", registers_name[value], addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2258:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "#%s,%s", addr_name, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2260:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "x:%s,%s", addr_name, registers_name[value]);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2264:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "%s,x:%s", registers_name[value], addr_name);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2313:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "x:%s,%s y:%s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2320:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "x:%s,%s %s,y:%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2329:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "%s,x:%s y:%s,%s",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2336:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(parallelmove_name, "%s,x:%s %s,y:%s",
data/hatari-2.2.1+dfsg/src/falcon/nvram.c:203:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(nvram_filename, "%s%c%s", psHomeDir, PATHSEP, sBaseName);
data/hatari-2.2.1+dfsg/src/falcon/nvram.c:205:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(nvram_filename, sBaseName);
data/hatari-2.2.1+dfsg/src/file.c:110:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( Filename_new , Filename_old );
data/hatari-2.2.1+dfsg/src/file.c:111:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( Filename_new + strlen ( Filename_new ) - strlen ( Extension_old ) , Extension_new );
data/hatari-2.2.1+dfsg/src/file.c:393:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(szString, fmt, pszFileName);
data/hatari-2.2.1+dfsg/src/file.c:464:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pName, ptr1+1);
data/hatari-2.2.1+dfsg/src/file.c:470:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pName, pSrcFileName);
data/hatari-2.2.1+dfsg/src/file.c:482:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pExt, ptr2+1);
data/hatari-2.2.1+dfsg/src/file.c:514:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filepath, pDir);
data/hatari-2.2.1+dfsg/src/file.c:521:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&filepath[len], pName);
data/hatari-2.2.1+dfsg/src/file.c:528:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(&filepath[len], pExt);
data/hatari-2.2.1+dfsg/src/file.c:546:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pDestFileName, pSrcFileName); /* It fits! */
data/hatari-2.2.1+dfsg/src/file.c:556:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(pDestFileName, &pSrcFileName[strlen(pSrcFileName)-maxlen/2+1]);
data/hatari-2.2.1+dfsg/src/file.c:825:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(pFileName, pTempName); /* Copy back */
data/hatari-2.2.1+dfsg/src/floppy.c:411:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.DiskImage.szDiskZipPath[Drive], pszZipPath);
data/hatari-2.2.1+dfsg/src/floppy.c:590:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(EmulationDrives[Drive].sFileName, filename);
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:567:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( TrackFileName , ConfigureParams.DiskImage.szDiskFileName[Drive] );
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1017:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type I restore spinup=%s verify=%s steprate=%d drive=%d tr=0x%x head_track=0x%x" ,
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1023:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type I seek dest_track=0x%x spinup=%s verify=%s steprate=%d drive=%d tr=0x%x head_track=0x%x" ,
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1029:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type I step %d spinup=%s verify=%s steprate_ms=%d drive=%d tr=0x%x head_track=0x%x",
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1036:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type I step in spinup=%s verify=%s steprate=%d drive=%d tr=0x%x head_track=0x%x" ,
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1042:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type I step out spinup=%s verify=%s steprate=%d drive=%d tr=0x%x head_track=0x%x" ,
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1048:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type II read sector sector=0x%x multi=%s spinup=%s settle=%s tr=0x%x head_track=0x%x"
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1056:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type II write sector sector=0x%x multi=%s spinup=%s settle=%s tr=0x%x head_track=0x%x"
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1064:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type III read address spinup=%s settle=%s tr=0x%x head_track=0x%x side=%d drive=%d addr=0x%x" ,
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1070:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type III read track spinup=%s settle=%s tr=0x%x head_track=0x%x side=%d drive=%d addr=0x%x" ,
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1076:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf ( buf , "type III write track spinup=%s settle=%s tr=0x%x head_track=0x%x side=%d drive=%d addr=0x%x" ,
data/hatari-2.2.1+dfsg/src/floppy_stx.c:425:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char *) p , WD1772_SAVE_FILE_ID ); /* +0 .. +5 */
data/hatari-2.2.1+dfsg/src/floppy_stx.c:458:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char *) p , WD1772_SAVE_SECTOR_ID ); /* +0 .. +3 */
data/hatari-2.2.1+dfsg/src/floppy_stx.c:509:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( (char *) p , WD1772_SAVE_TRACK_ID ); /* +0 ... +3 */
data/hatari-2.2.1+dfsg/src/gemdos.c:433:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(newstr, string);
data/hatari-2.2.1+dfsg/src/gemdos.c:549:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(emudrives[i]->fs_currpath, emudrives[i]->hd_emulation_dir);
data/hatari-2.2.1+dfsg/src/gemdos.c:582:6: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (access(lpstrPath, F_OK) != 0 )
data/hatari-2.2.1+dfsg/src/gemdos.c:591:20: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (iDrive > 1 && access(lpstrPath, F_OK) == 0 )
data/hatari-2.2.1+dfsg/src/gemdos.c:734:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(emudrives[i]->hd_emulation_dir, ConfigureParams.HardDisk.szHardDiskDirectories[0]);
data/hatari-2.2.1+dfsg/src/gemdos.c:743:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(emudrives[i]->hd_emulation_dir, sDriveLetter);
data/hatari-2.2.1+dfsg/src/gemdos.c:1239:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, origname);
data/hatari-2.2.1+dfsg/src/gemdos.c:2075:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(szActualFileName, pszFileName);
data/hatari-2.2.1+dfsg/src/gemdos.c:2129:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FileHandles[Index].szMode, ModeStr);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAlert.c:139:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(t, text);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAlert.c:149:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dlglines[i] + offset, t);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c:242:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.Midi.sMidiInPortName, dlgMidiInName);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c:244:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ConfigureParams.Midi.sMidiOutPortName, dlgMidiOutName);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:147:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempstr, files[i+ypos]->d_name);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:150:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tempstr, path);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:151:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(tempstr, files[i+ypos]->d_name);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:453:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, src);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:454:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst+slen, add);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:522:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zippath, zipdir);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:523:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(zippath, zipfilename);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:773:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zipdir, tempstr);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:779:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zipdir, tempstr);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:793:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(zipfilename, files[selection]->d_name);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:813:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, tempstr);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:826:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, files[selection]->d_name);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:841:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, files[selection]->d_name);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:897:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path, home);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:912:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dlgpath, path);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:928:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, dlgfname);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFloppy.c:137:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(confname, selname);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHardDisk.c:127:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(confname, selname);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMain.c:149:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sConfigFileName, psNewCfg);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMain.c:158:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sConfigFileName, psNewCfg);
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:28:21: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define Dprintf(a) printf a
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:499:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&str[2], rdlg[objnum].txt);
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:523:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&str[2], cdlg[objnum].txt);
data/hatari-2.2.1+dfsg/src/hd6301_cpu.c:4966:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(hd6301_str_instr, hd6301_opcode.op_mnemonic, 0);
data/hatari-2.2.1+dfsg/src/hd6301_cpu.c:4969:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(hd6301_str_instr, hd6301_opcode.op_mnemonic, hd6301_read_memory(hd6301_reg_PC+1));
data/hatari-2.2.1+dfsg/src/hd6301_cpu.c:4972:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(hd6301_str_instr, hd6301_opcode.op_mnemonic, hd6301_get_memory_ext());
data/hatari-2.2.1+dfsg/src/hd6301_cpu.c:4975:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(hd6301_str_instr, hd6301_opcode.op_mnemonic,
data/hatari-2.2.1+dfsg/src/inffile.c:535:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inf + winoffset1, drivewin);
data/hatari-2.2.1+dfsg/src/inffile.c:543:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inf + winoffset1, drivewin);
data/hatari-2.2.1+dfsg/src/inffile.c:548:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(inf + winoffset2, contents + winoffset1);
data/hatari-2.2.1+dfsg/src/inffile.c:738:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, format, prgname);
data/hatari-2.2.1+dfsg/src/inffile.c:757:5: [4] (format) fprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
fprintf(fp, format, prgname);
data/hatari-2.2.1+dfsg/src/joy.c:27:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dprintf(a) printf a
data/hatari-2.2.1+dfsg/src/main.c:840:3: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(psGlobalConfig, FILENAME_MAX, CONFDIR"%chatari.cfg", PATHSEP);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:152:7: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
if (!access(device_file, R_OK | W_OK))
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:208:10: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
while (!access(device_file, F_OK))
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:321:4: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(str, i ? ":$%02X" : "$%02X", cmd[i]);
data/hatari-2.2.1+dfsg/src/options.c:550:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s %s", opt->str, opt->arg);
data/hatari-2.2.1+dfsg/src/options.c:561:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s or %s", opt->str, opt->chr);
data/hatari-2.2.1+dfsg/src/options.c:886:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, src);
data/hatari-2.2.1+dfsg/src/paths.c:225:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sUserHomeDir, psDrive);
data/hatari-2.2.1+dfsg/src/paths.c:227:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(sUserHomeDir, psHome);
data/hatari-2.2.1+dfsg/src/paths.c:242:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sHatariHomeDir, "%s%c%s", sUserHomeDir, PATHSEP, HATARI_HOME_DIR);
data/hatari-2.2.1+dfsg/src/paths.c:248:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sHatariHomeDir, "%s%c.hatari", sUserHomeDir, PATHSEP);
data/hatari-2.2.1+dfsg/src/paths.c:257:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sHatariHomeDir, "%s%c.config", sUserHomeDir, PATHSEP);
data/hatari-2.2.1+dfsg/src/paths.c:267:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sHatariHomeDir, "%s%c%s", sUserHomeDir, PATHSEP, HATARI_HOME_DIR);
data/hatari-2.2.1+dfsg/src/paths.c:271:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sHatariHomeDir, sUserHomeDir);
data/hatari-2.2.1+dfsg/src/paths.c:318:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(sDataDir, "%s%c%s", psExecDir, PATHSEP, BIN2DATADIR);
data/hatari-2.2.1+dfsg/src/paths.c:324:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sDataDir, BIN2DATADIR);
data/hatari-2.2.1+dfsg/src/printer.c:24:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dprintf(a) printf a
data/hatari-2.2.1+dfsg/src/resolution.c:22:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUGPRINT(x) printf x
data/hatari-2.2.1+dfsg/src/rs232.c:40:20: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define Dprintf(a) printf a
data/hatari-2.2.1+dfsg/src/scandir.c:192:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(findIn, dirname);
data/hatari-2.2.1+dfsg/src/scandir.c:253:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(selectDir->d_name, find.cFileName);
data/hatari-2.2.1+dfsg/src/scc.c:49:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
#define bug printf
data/hatari-2.2.1+dfsg/src/screen.c:53:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUGPRINT(x) printf x
data/hatari-2.2.1+dfsg/src/screenSnapShot.c:241:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szFileName,"%s/grab%4.4d.png", Paths_GetScreenShotDir(), nScreenShots);
data/hatari-2.2.1+dfsg/src/screenSnapShot.c:249:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(szFileName,"%s/grab%4.4d.bmp", Paths_GetScreenShotDir(), nScreenShots);
data/hatari-2.2.1+dfsg/src/shortcut.c:259:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy ( FileNameB , ConfigureParams.DiskImage.szDiskFileName[ 1 ] );
data/hatari-2.2.1+dfsg/src/statusbar.c:58:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
# define DEBUGPRINT(x) printf x
data/hatari-2.2.1+dfsg/src/statusbar.c:873:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FdcOld, FdcNew);
data/hatari-2.2.1+dfsg/src/statusbar.c:883:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(JoysticksOld, JoysticksNew);
data/hatari-2.2.1+dfsg/src/str.c:213:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dst, src);
data/hatari-2.2.1+dfsg/src/str.c:460:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, source);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:130:9: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (file, "%lx: %lu %s\n", &opcode, &count, name) == 3) {
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:708:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (unsstr, usstr);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:710:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (sstr, vstr);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:711:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (dstr, vstr);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:712:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (vstr, value);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:714:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (dstr, dst);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:716:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (sstr, src);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:719:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (udstr, usstr);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:720:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (udstr, dst);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:722:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (usstr, src);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:725:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (undstr, unsstr);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:728:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (undstr, dst);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:730:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (unsstr, src);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:344:13: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while (fscanf (f, "%lx: %lu %s\n", &opcode, &count, name) == 3) {
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:459:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer,"(%s%c%d.%c*%d+%ld)+%ld == $%08lx", name,
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:505:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf (buffer,"(%s%c%d.%c*%d+%ld)+%ld == $%08lx", name,
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:567:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (buf, buffer);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:2013:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (instrname, lookup->name);
data/hatari-2.2.1+dfsg/src/zip.c:143:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filelist[i], filename_inzip);
data/hatari-2.2.1+dfsg/src/zip.c:327:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fentries[i]->d_name, files->names[i]);
data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c:58:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, psFormat, argptr);
data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c:70:2: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stdout, psFormat, argptr);
data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c:217:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dstfile, srcfile);
data/hatari-2.2.1+dfsg/src/control.c:621:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
parent_win_id = getenv("PARENT_WIN_ID");
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:177:16: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
TCHAR *name = getenv ("INSNCOUNT");
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:411:9: [3] (tmpfile) tmpnam:
Temporary file race condition (CWE-377).
#define tmpnam posixemu_tmpnam
data/hatari-2.2.1+dfsg/src/debug/debugui.c:863:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("LINES")) != NULL)
data/hatari-2.2.1+dfsg/src/debug/debugui.c:865:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if ((p = getenv("COLUMS")) != NULL)
data/hatari-2.2.1+dfsg/src/file.c:957:12: [3] (tmpfile) GetTempFileName:
Temporary file race condition in certain cases (e.g., if run as SYSTEM in
many versions of Windows) (CWE-377).
uRetVal = GetTempFileName(lpTempPathBuffer, /* directory for tmp files */
data/hatari-2.2.1+dfsg/src/main.c:891:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/hatari-2.2.1+dfsg/src/paths.c:91:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
pPathEnv = getenv("PATH");
data/hatari-2.2.1+dfsg/src/paths.c:204:11: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
psHome = getenv("HOME");
data/hatari-2.2.1+dfsg/src/paths.c:215:13: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
psDrive = getenv("HOMEDRIVE");
data/hatari-2.2.1+dfsg/src/paths.c:218:12: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
psHome = getenv("HOMEPATH");
data/hatari-2.2.1+dfsg/src/screen.c:375:7: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
if (getenv("PARENT_WIN_ID") != NULL) /* Embedded window? */
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:218:18: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *name = getenv ("INSNCOUNT");
data/hatari-2.2.1+dfsg/src/uae-cpu/sysdeps.h:64:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random rand
data/hatari-2.2.1+dfsg/src/acia.c:299:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy ( pAllACIA[ 0 ].ACIA_Name , "ikbd" );
data/hatari-2.2.1+dfsg/src/acia.c:300:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy ( pAllACIA[ 1 ].ACIA_Name , "midi" );
data/hatari-2.2.1+dfsg/src/avi_record.c:510:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( p , text , 4 );
data/hatari-2.2.1+dfsg/src/avi_record.c:1032:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[20];
data/hatari-2.2.1+dfsg/src/avi_record.c:1301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InfoString[ 100 ];
data/hatari-2.2.1+dfsg/src/avi_record.c:1324:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
pAviParams->FileOut = fopen ( AviFileName , "wb+" );
data/hatari-2.2.1+dfsg/src/cart.c:83:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&RomMem[0xfa0000], pCartData+4, 0x20000);
data/hatari-2.2.1+dfsg/src/cart.c:87:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&RomMem[0xfa0000], pCartData, nCartSize);
data/hatari-2.2.1+dfsg/src/cart.c:132:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&RomMem[0xfa0000], Cart_data, sizeof(Cart_data));
data/hatari-2.2.1+dfsg/src/cfgopts.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hatari-2.2.1+dfsg/src/cfgopts.c:154:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename,"r");
data/hatari-2.2.1+dfsg/src/cfgopts.c:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/hatari-2.2.1+dfsg/src/cfgopts.c:305:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cfgfile = fopen(filename, "r");
data/hatari-2.2.1+dfsg/src/cfgopts.c:310:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cfgfile = fopen(filename, "w");
data/hatari-2.2.1+dfsg/src/cfgopts.c:318:13: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
tempfile = tmpfile(); /* Open a temporary file for output */
data/hatari-2.2.1+dfsg/src/cfgopts.c:322:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempfile = fopen(sTempCfgName, "w+");
data/hatari-2.2.1+dfsg/src/cfgopts.c:438:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
cfgfile = fopen(filename, "wb");
data/hatari-2.2.1+dfsg/src/change.c:597:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cmdline+i-1, cmdline+i, strlen(cmdline+i)+1);
data/hatari-2.2.1+dfsg/src/configuration.c:42:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sConfigFileName[FILENAME_MAX]; /* Stores the name of the configuration file */
data/hatari-2.2.1+dfsg/src/configuration.c:635:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.Log.sLogFileName, "stderr");
data/hatari-2.2.1+dfsg/src/configuration.c:636:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.Log.sTraceFileName, "stderr");
data/hatari-2.2.1+dfsg/src/configuration.c:786:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.RS232.szOutFileName, "/dev/modem");
data/hatari-2.2.1+dfsg/src/configuration.c:787:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.RS232.szInFileName, "/dev/modem");
data/hatari-2.2.1+dfsg/src/configuration.c:790:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.RS232.sSccBOutFileName, "/dev/modem");
data/hatari-2.2.1+dfsg/src/configuration.c:795:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.Midi.sMidiInFileName, "/dev/snd/midiC1D0");
data/hatari-2.2.1+dfsg/src/configuration.c:796:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.Midi.sMidiOutFileName, "/dev/snd/midiC1D0");
data/hatari-2.2.1+dfsg/src/configuration.c:797:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.Midi.sMidiInPortName, "Off");
data/hatari-2.2.1+dfsg/src/configuration.c:798:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.Midi.sMidiOutPortName, "Off");
data/hatari-2.2.1+dfsg/src/configuration.c:882:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sConfigFileName, "hatari.cfg");
data/hatari-2.2.1+dfsg/src/control.c:398:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[400];
data/hatari-2.2.1+dfsg/src/control.c:525:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fifo = open(path, O_RDONLY | O_NONBLOCK);
data/hatari-2.2.1+dfsg/src/control.c:652:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[12]; /* 32-bits in hex (+ '\r') + '\n' + '\0' */
data/hatari-2.2.1+dfsg/src/control.c:665:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%dx%d", width, height);
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:68:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tablef = fopen("table68k","r");
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:81:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opcstr[256];
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:234:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fm[20];
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:290:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100], *p;
data/hatari-2.2.1+dfsg/src/cpu/cpummu.c:1734:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&__exbuf,&s_try_stack[s_try_stack_size-1],sizeof(jmp_buf));
data/hatari-2.2.1+dfsg/src/cpu/cpummu.c:1747:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s_try_stack[s_try_stack_size],j,sizeof(jmp_buf));
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:98:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char table_letter[4] = {'A','B','C','D'};
data/hatari-2.2.1+dfsg/src/cpu/debug.c:339:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[4000];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:586:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[10];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:667:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[10];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:746:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[10], *tp;
data/hatari-2.2.1+dfsg/src/cpu/debug.c:886:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[256];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:930:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR form[256], *p;
data/hatari-2.2.1+dfsg/src/cpu/debug.c:943:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("%u"), v);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1049:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR s[100];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1212:2: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (out, _T("%08X "), addr);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1219:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (out + 9 + i * 5, _T("%02X%02X "), b1, b2);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1224:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy (out + 9 + i * 5, _T("**** "));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1235:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (out + (9 + 4 + 1) * sizeof (TCHAR), ab->name, _tcslen (ab->name) * sizeof (TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1242:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR line[MAX_LINEWIDTH + 1];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1256:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR extra1[256], extra2[256];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1652:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR str[100];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1771:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[100];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1773:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(tmp, _T("%03d: %08x - %08x %08x (%d) %.5f%%\n"), lines + 1,
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1792:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&hms, &linestore[lines1], sizeof(struct heatmapstore));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1793:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&linestore[lines1], &linestore[lines2], sizeof(struct heatmapstore));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1794:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&linestore[lines2], &hms, sizeof(struct heatmapstore));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1981:2: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (l1, _T("[%02X %3d]"), hpos, hpos);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1983:3: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy (l4, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1988:5: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy (l2, _T("CPU-R "));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1990:5: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy (l2, _T("CPU-W "));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2006:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (l4, _T("%08X"), dr->addr & 0x00ffffff);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2008:3: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy (l2, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2010:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy (l3, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2038:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (l5, _T("%08X"), cycles + (vpos * maxhpos + hpos) * CYCLE_UNIT);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2069:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR l1[81];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2070:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR l2[81];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2071:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR l3[81];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2072:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR l4[81];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2073:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR l5[81];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2080:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR l1l[16], l2l[16], l3l[16], l4l[16], l5l[16];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2182:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (record, _T(" [%03x %03x]"), cr->vpos, cr->hpos);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3341:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[200];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3346:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (newbank, bank, sizeof(addrbank));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3440:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&membank_stores[j].store, a2, sizeof (addrbank));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3443:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (a1, a2, sizeof (addrbank));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3771:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR str[2];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3836:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[UAE_MEMORY_REGION_NAME_LENGTH];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3837:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR rom_name[UAE_MEMORY_REGION_NAME_LENGTH];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3855:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR txt[256];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3870:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3938:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (p, _T(" (%08X)"), crc);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3942:7: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (tmp, _T("\n"));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3969:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (txt, _T("\n"));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4003:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR txt[256];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4039:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (cstr, bstr + 1, bstr[0]);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4136:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[256];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4655:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR pn[200];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4857:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[1000];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4914:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[80];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5102:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR parm[10];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5179:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR parm[10];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5256:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR l1[16], l2[16], l3[16], l4[16];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5735:7: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buf[200];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5737:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buf, _T("0 dff000 200 NONE"));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5740:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buf, _T("1 0 %08x NONE"), currprefs.chipmem_size);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5744:8: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buf, _T("2 c00000 %08x NONE"), currprefs.bogomem_size);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5901:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR input[MAX_LINEWIDTH];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5976:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (trace_insn_copy, regs.pc_p, 10);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5977:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&trace_prev_regs, ®s, sizeof regs);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:6193:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR txt[100];
data/hatari-2.2.1+dfsg/src/cpu/debug.c:6195:2: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (txt, _T("PC=%08X INS=%04X %04X %04X"),
data/hatari-2.2.1+dfsg/src/cpu/debug.c:6573:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR empty[2] = { 0 };
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:573:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR fsout[32];
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:579:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(fsout, _T("%04X-%08X-%08X"), w1 >> 16, w2, w3);
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:593:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(fsout, _T("#%Le"), fpd->fp);
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:595:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(fsout, _T("#%e"), fpd->fp);
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:1076:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:1097:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str, "%#.17Le", fp);
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:1099:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str, "%#.17e", fp);
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:1112:8: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
exp = atoi (cp);
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:1227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c:112:9: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR fsout[32];
data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c:116:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(fsout, _T("%04X-%08X-%08X"), fx->high, (uae_u32)(fx->low >> 32), (uae_u32)fx->low);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:94:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char rmw_varname[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:137:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:142:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen ("frequent.68k", "r");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:171:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char endlabelstr[80];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:537:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:549:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "regs.irc");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:557:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "regs.irc");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:573:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:585:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "(uae_u8)regs.irc");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:594:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer, "(uae_u8)regs.irc");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:821:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:838:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:1365:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namea[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getcode[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char putcode[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vstr[100], sstr[100], dstr[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2544:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usstr[100], udstr[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2545:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unsstr[100], undstr[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2549:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((uae_s8)(");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2550:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uae_u8)(");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2553:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((uae_s16)(");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2554:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uae_u16)(");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2557:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((uae_s32)(");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2558:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uae_u32)(");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2568:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (vstr, "))");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2570:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (dstr, "))");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2572:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sstr, "))");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2576:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (udstr, "))");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2578:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (usstr, "))");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2584:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (undstr, "))");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2586:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (unsstr, "))");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5723:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5728:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"Dn");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5731:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"An");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5734:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(An)");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5737:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(An)+");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5740:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"-(An)");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5743:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d16,An)");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5746:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d8,An,Xn)");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5749:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d16,PC)");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5752:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d8,PC,Xn)");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5755:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(xxx).W");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5758:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(xxx).L");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5763:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.B");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5766:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.W");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5769:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.L");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5776:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.B");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5779:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.W");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5782:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.L");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5785:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5815:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5832:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out,".B");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5834:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out,".W");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5836:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out,".L");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5845:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out, " (");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5927:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5931:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "((opcode >> %d) & %d)", pos, smsk);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5933:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "(opcode & %d)", smsk);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5965:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (endlabelstr, "l_%d", endlabelno);
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:6081:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[100];
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:6287:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerfile = fopen ("cputbl.h", "wb");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:6289:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stblfile = fopen ("cpustbl.c", "wb");
data/hatari-2.2.1+dfsg/src/cpu/jit/codegen_x86.c:3608:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char x86_vendor_id[16];
data/hatari-2.2.1+dfsg/src/cpu/jit/codegen_x86.c:3639:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * x86_processor_string_table[X86_PROCESSOR_max] = {
data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_support.c:516:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_support.c:537:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_support.c:551:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_support.c:1024:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uae_u8 *)target,block,blocklen);
data/hatari-2.2.1+dfsg/src/cpu/jit/compemu_support.c:4896:38: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
uaecptr block_addr = start_pc + ((char *)pc_hist[0].location - (char *)start_pc_p);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:133:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char endstr[1000];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:134:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lines[100000];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:198:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen ("frequent.68k", "r");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:294:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:296:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "comp_get_ilong((m68k_pc_offset+=4)-4)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:306:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:308:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "comp_get_iword((m68k_pc_offset+=2)-2)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:318:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:320:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "comp_get_ibyte((m68k_pc_offset+=2)-2)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:521:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char astring[80];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:635:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char astring[80];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3131:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3136:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"Dn");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3139:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"An");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3142:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(An)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3145:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(An)+");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3148:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"-(An)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3151:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d16,An)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3154:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d8,An,Xn)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3157:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d16,PC)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3160:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(d8,PC,Xn)");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3163:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(xxx).W");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3166:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"(xxx).L");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3171:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.B");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3174:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.W");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3177:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.L");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3184:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.B");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3187:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.W");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3190:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>.L");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3193:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (buffer,"#<data>");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3204:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char out[100];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3221:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out,".B");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3223:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out,".W");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3225:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (out,".L");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3316:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[100];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3323:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "(((opcode >> %d) | (opcode << %d)) & %d)",
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3326:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "((opcode >> %d) & %d)", pos ^ 8, smsk);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3328:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "(opcode & %d)", smsk);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3341:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "((opcode >> %d) & %d)", pos, smsk);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3343:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "(opcode & %d)", smsk);
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3426:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char flags[64 * 6];
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3428:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (global_isjump) strcat(flags, "COMP_OPCODE_ISJUMP|");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3429:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (long_opcode) strcat(flags, "COMP_OPCODE_LONG_OPCODE|");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3430:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (global_cmov) strcat(flags, "COMP_OPCODE_CMOV|");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3431:21: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (global_isaddx) strcat(flags, "COMP_OPCODE_ISADDX|");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3432:22: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (global_iscjump) strcat(flags, "COMP_OPCODE_ISCJUMP|");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3433:19: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if (global_fpu) strcat(flags, "COMP_OPCODE_USES_FPU|");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3543:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerfile = fopen (GEN_PATH "comptbl.h", "wb");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3549:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stblfile = fopen (GEN_PATH "compstbl.cpp", "wb");
data/hatari-2.2.1+dfsg/src/cpu/memory.h:156:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[128];
data/hatari-2.2.1+dfsg/src/cpu/memory.h:814:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[UAE_MEMORY_REGION_NAME_LENGTH];
data/hatari-2.2.1+dfsg/src/cpu/memory.h:815:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR rom_name[UAE_MEMORY_REGION_NAME_LENGTH];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:185:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (icountfilename (), "w");
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:1965:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cpudatatbl[opcode], &cpudatatbl[idx], sizeof(struct cputbl_data));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2223:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (icountfilename (), "r");
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2227:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[20];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2307:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buffer, _T(" [%02x:%02x]"), v, v2);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2320:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buffer, _T(" [%04x:%04x]"), v, v2);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2333:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buffer, _T(" [%08x:%08x]"), v, v2);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2361:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buffer, _T("[%08x%08x%08x]"), get_long_debug(addr), get_long_debug(addr + 4), get_long_debug(addr + 8));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2368:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2385:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR mult[20];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2404:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(mult, _T("*%d"), m);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2409:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR dr[20];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2416:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(dr, _T("%c%d.%c"), dp & 0x8000 ? 'A' : 'D', (int)r, dp & 0x800 ? 'L' : 'W');
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2422:3: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(buffer, _T("("));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2426:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("["));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2432:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("$%04x,"), (uae_s16)disp);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2438:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("$%08x,"), disp);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2457:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("],"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2468:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("$%04x,"), (uae_s16)outer);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2473:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("$%08x,"), outer);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2480:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(")"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2492:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(" == $%08x"), addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2497:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR regstr[20];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2501:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(regstr, _T(",%c%d.%c"), dp & 0x8000 ? 'A' : 'D', (int)r, dp & 0x800 ? 'L' : 'W');
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2505:4: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(buffer, _T(" (68020+)"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2518:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buffer[80];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2522:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("D%d"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2525:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("A%d"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2528:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("(A%d)"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2533:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("(A%d)+"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2538:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("-(A%d)"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2544:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR offtxt[8];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2547:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (offtxt, _T("-$%04x"), -disp16);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2549:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (offtxt, _T("$%04x"), disp16);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2557:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[10];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2558:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(name, _T("A%d"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2566:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("(PC,$%04x) == $%08x"), disp16 & 0xffff, addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2577:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("$%04x"), (uae_u16)addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2583:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("$%08x"), addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2590:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("#$%02x"), (get_iword_debug (pc) & 0xff));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2594:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("#$%04x"), (get_iword_debug (pc) & 0xffff));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2598:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buffer, _T("#$%08x"), (get_ilong_debug(pc)));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2626:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(buffer, _T("#$%08x%08x%08x"), get_ilong_debug(pc), get_ilong_debug(pc + 4), get_ilong_debug(pc + 8));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2635:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("#$%02x"), (uae_u32)(offset & 0xff));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2645:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("#$%04x"), (uae_u32)(offset & 0xffff));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2654:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("#$%08x"), (uae_u32)offset);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2663:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (buffer, _T("#$%02x"), (uae_u8)offset);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:4413:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&fallback_regs, ®s, sizeof(struct regstruct));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:4695:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[10];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:4699:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (tmp, _T(",A%d"), (next >> 4) & 15);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:4725:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR fname[100];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:4735:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (fname, _T("FC=%x MASK=%x EA=%08x"), fc, mask, 0);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:4738:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (fname, _T("FC=%x MASK=%x"), fc, mask);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:4743:3: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy (fname, _T("ALL"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:5523:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR out[100];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:5536:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (out, _T("opendevice"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:5540:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (out, _T("closedevice"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:5544:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (out, _T("beginio"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:5549:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (out, _T("abortio"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:5716:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r->regs, &cputrace.regs, 16 * sizeof (uae_u32));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:5768:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cputrace.regs, &r->regs, 16 * sizeof (uae_u32));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:6378:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR buf[100];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7010:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r->regs, &cputrace.regs, 16 * sizeof (uae_u32));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7026:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&r->prefetch020, &cputrace.prefetch020, CPU_PIPELINE_MAX * sizeof(uae_u16));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7027:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&r->prefetch020_valid, &cputrace.prefetch020_valid, CPU_PIPELINE_MAX * sizeof(uae_u8));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7028:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&caches020, &cputrace.caches020, sizeof caches020);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7100:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cputrace.regs, &r->regs, 16 * sizeof (uae_u32));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7119:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cputrace.prefetch020, &r->prefetch020, CPU_PIPELINE_MAX * sizeof (uae_u16));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7120:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cputrace.prefetch020_valid, &r->prefetch020_valid, CPU_PIPELINE_MAX * sizeof(uae_u8));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7121:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cputrace.caches020, &caches020, sizeof caches020);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7206:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&r->regs, &cputrace.regs, 16 * sizeof (uae_u32));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7222:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&r->prefetch020, &cputrace.prefetch020, CPU_PIPELINE_MAX * sizeof(uae_u16));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7223:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&r->prefetch020_valid, &cputrace.prefetch020_valid, CPU_PIPELINE_MAX * sizeof(uae_u8));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7224:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&caches020, &cputrace.caches020, sizeof caches020);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7267:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&cputrace.regs, &r->regs, 16 * sizeof (uae_u32));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7286:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cputrace.prefetch020, &r->prefetch020, CPU_PIPELINE_MAX * sizeof(uae_u16));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7287:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cputrace.prefetch020_valid, &r->prefetch020_valid, CPU_PIPELINE_MAX * sizeof(uae_u8));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7288:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cputrace.caches020, &caches020, sizeof caches020);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8027:3: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(out, _T(","));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8041:3: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8047:3: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(".B "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8050:3: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(".W "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8053:3: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(".L "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8056:3: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8327:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(s, _T("#%X"), v);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8377:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(d, _T("#%X"), regmask);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8385:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR ins[256], parms[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8386:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR line[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8387:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR srcea[256], dstea[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8472:3: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(ins, _T("BT"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8477:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(ins, _T("MVMLE"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8481:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8482:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(ins, _T("MVMEL"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8492:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(ins, _T("MOVEC2"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8496:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8497:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(ins, _T("MOVE2C"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8520:4: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(ins, _T("A"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8541:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8589:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tmp[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8696:3: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(" == $%08x "), addr2);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8698:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR txt[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8702:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(p, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8718:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR instrname[256], *ccpt;
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8719:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR segout[256], segname[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8785:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR regs[16];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8792:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (regs, _T("%c%d"), r >= 8 ? 'A' : 'D', r >= 8 ? r - 8 : r);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8797:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(","));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8801:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(","));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8814:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T(","));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8823:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",D%d:D%d"), extra & 7, (extra >> 12) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8825:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",D%d"), (extra >> 12) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8832:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",%c%d"), (extra & 0x8000) ? 'A' : 'D', (extra >> 12) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8835:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("%c%d,"), (extra & 0x8000) ? 'A' : 'D', (extra >> 12) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8850:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("D%d,"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8852:4: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T(" {"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8855:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("D%d"), (extra >> 6) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8857:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("%d"), (extra >> 6) & 31);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8858:4: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T(":"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8861:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("D%d"), extra & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8863:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("%d"), extra & 31);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8864:4: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T("}"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8867:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",D%d"), reg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8871:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T("BC"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8873:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T("IC"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8875:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T("DC"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8877:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T("?"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8880:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",(A%d)"), opcode & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8885:5: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("(A%d)+,(A%d)+"), opcode & 7, (extra >> 12) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8894:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("(A%d)+,$%08x"), ay, addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8897:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("$%08x,(A%d)+"), addr, ay);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8900:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("(A%d),$%08x"), ay, addr);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8903:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("$%08x,(A%d)"), addr, ay);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8927:6: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(instrname, _T("FMOVEM.X "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8932:6: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(instrname, _T("FMOVEM.L "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8934:7: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(instrname, _T("FMOVE.L "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8939:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(instrname, _T("D%d"), dreg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8942:6: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T(","));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8948:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",D%d"), dreg);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8956:6: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(instrname, _T("F?"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8960:6: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(instrname, _T("FMOVE."));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8962:6: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8964:6: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T("FP%d,"), (extra >> 7) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8968:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(" {D%d}"), (kfactor >> 4));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8972:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(" {%d}"), kfactor);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8976:7: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T("."));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8978:7: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(instrname, _T(" "));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8982:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(".X FP%d"), (extra >> 10) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8986:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",FP%d"), (extra >> 7) & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8989:7: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf(p, _T(",FP%d"), extra & 7);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8994:4: [2] (buffer) _tcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer. Risk is low because the source is a constant string.
_tcscpy(instrname, _T("A-LINE"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9001:6: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR sname[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9014:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(","));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9065:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR segout[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9067:5: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(segout, _T(":\n"));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9070:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(symbolpos, segout, _tcslen(segout) * sizeof(TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9080:4: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR sourceout[256];
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9169:16: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
case sz_byte: _tcscat (instrname, _T(".B ")); break;
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9170:16: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
case sz_word: _tcscat (instrname, _T(".W ")); break;
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9171:16: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
case sz_long: _tcscat (instrname, _T(".L ")); break;
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9172:11: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
default: _tcscat (instrname, _T(" ")); break;
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9179:3: [2] (buffer) _tcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat (instrname, _T(","));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9188:4: [2] (buffer) _stprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
_stprintf (instrcode, _T("%04x "), get_iword_debug (oldpc + i * 2));
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:32:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR path[MAX_PATHS][PATH_MAX];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:73:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *custom[MAX_INPUT_SUB_EVENT_ALL];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:84:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR *custom[MAX_INPUT_DEVICE_EVENTS][MAX_INPUT_SUB_EVENT_ALL];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:97:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR custom[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:100:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[MAX_JPORT_NAME];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:101:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR configname[MAX_JPORT_CONFIG];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:102:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR shortid[16];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:155:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR name[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:163:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR df[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:166:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR dfxclickexternal[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:206:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR devname[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:207:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR volname[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:208:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR rootdir[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:213:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR filesys[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:214:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR geometry[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:319:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR label[16];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:320:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR commands[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:321:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR filterprofile[64];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:350:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR gfx_filtershader[2 * MAX_FILTERSHADERS + 1][MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:351:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR gfx_filtermask[2 * MAX_FILTERSHADERS + 1][MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:352:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR gfx_filteroverlay[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:381:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR romfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:382:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR romident[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:389:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR configtext[ROMCONFIG_CONFIGTEXT_LEN];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:429:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR loadfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:456:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR description[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:457:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR category[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:458:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR tags[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:459:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR info[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:461:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR config_hardware_path[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:462:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR config_host_path[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:463:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR config_all_path[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:464:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR config_path[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:465:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR config_window_title[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:479:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR ghostscript_parameters[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:485:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR debugging_options[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:581:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR genlock_image_file[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:582:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR genlock_video_file[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:625:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR filesys_inject_icons_tool[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:626:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR filesys_inject_icons_project[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:627:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR filesys_inject_icons_drawer[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:677:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR romfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:678:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR romident[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:679:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR romextfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:681:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR romextfile2[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:682:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR romextident[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:683:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR flashfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:684:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR rtcfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:685:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR cartfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:686:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR cartident[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:688:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR pci_devices[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:689:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR prtname[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:690:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR sername[256];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:691:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR a2065name[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:692:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR ne2000pciname[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:693:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR ne2000pcmcianame[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:694:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR picassoivromfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:696:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR quitstatefile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:697:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR statefile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:698:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR inprecfile[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:719:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR ppc_model[32];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:783:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR dfxlist[MAX_SPARE_DRIVES][MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:788:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR luafiles[MAX_LUA_STATES][MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:837:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR win32_commandpathstart[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:838:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR win32_commandpathend[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:839:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR win32_parjoyport0[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:840:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR win32_parjoyport1[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:841:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR win32_guipage[32];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:842:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR win32_guiactivepage[32];
data/hatari-2.2.1+dfsg/src/cpu/options_cpu.h:881:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR input_config_name[GAMEPORT_INPUT_SETTINGS][256];
data/hatari-2.2.1+dfsg/src/cpu/readcpu.c:257:3: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR mnemonic[10];
data/hatari-2.2.1+dfsg/src/cpu/savestate.h:257:8: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern TCHAR savestate_fname[MAX_DPATH];
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:362:5: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR d_name[1];
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:386:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define open posixemu_open
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:432:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen(a,b) stdioemu_fopen(a, b)
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:53:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstoi atoi
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:54:16: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
#define _tstol atol
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:69:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, cpy_len * sizeof(TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:84:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, src, cpy_len);
data/hatari-2.2.1+dfsg/src/createBlankImage.c:169:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDirStart , VolumeLabel , LabelSize );
data/hatari-2.2.1+dfsg/src/createBlankImage.c:171:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pDirStart , VolumeLabel , 8+3 );
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:147:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "r");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:299:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *parameterPtr[10];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:368:45: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
disSymbolEntries[disSymbolCounts].count = atol(parameterPtr[1]);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:380:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:459:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char symbolName[128];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:475:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(symbolName+strlen(symbolName), "+%d*%d", dse->size, offset);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:477:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(symbolName+strlen(symbolName), "+%d", reminder);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:488:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char regName[3];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:520:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char numString[32];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:523:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numString, "%d", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:532:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numString, "'%c%c%c%c'", c0, c1, c2, c3);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:534:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(numString, "$%x", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:567:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[8];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:671:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regName[3];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:819:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(commentBuffer+strlen(commentBuffer), "$%lx", (signed char)(eWord1 & 0xFF) + opcodeAddr + 2);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:964:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "$%8.8lx.w", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:966:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "$%4.4lx.w", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:969:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "($%8.8lx).w", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:971:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "($%4.4lx).w", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1024:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(commentBuffer+strlen(commentBuffer), "$%lx", (signed short)eWord1 + *addr - 2);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1084:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "%d", parameterValue);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1120:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "$%lx", *addr + pcoffset);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1123:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "$%lx", *addr + pcoffset);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1128:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "*-$%lx", -pcoffset - 2);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1130:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(disassbuf, "*+$%lx", pcoffset + 2);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1132:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(commentBuffer+strlen(commentBuffer), "$%lx", *addr + pcoffset);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1336:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char operationSize[4];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char op[5];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1764:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressLabel[256];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmtBuffer[256];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1784:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opcodeBuffer,"DC.B");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1787:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[16];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1797:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hbuf,"$%2.2x", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1805:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opcodeBuffer,"DC.W");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1808:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[16];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1811:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hbuf,"$%4.4x", Disass68kGetWord(addr+i*2));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1819:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opcodeBuffer,"DC.L");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1822:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hbuf[16];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1825:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hbuf,"$%8.8x", (Disass68kGetWord(addr+i*4) << 16) | Disass68kGetWord(addr+i*4+2));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1833:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opcodeBuffer,"DC.B");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1864:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opcodeBuffer,"DC.B");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1893:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(sp, "',0");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1905:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opcodeBuffer,"DC.L");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1909:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(operandBuffer,"$%8.8x", val);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2001:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *pmmuCond[16] = { "BS", "BC", "LS", "LC", "SS", "SC", "AS", "AC", "WS", "WC", "IS", "IC", "GS", "GC", "CS", "CC" };
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2002:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *braCond[16] = { "RA", "SR", "HI", "LS", "CC", "CS", "NE", "EQ", "VC", "VS", "PL", "MI", "GE", "LT", "GT", "LE" };
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2003:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *sccCond[16] = { "T", "F", "HI", "LS", "CC", "CS", "NE", "EQ", "VC", "VS", "PL", "MI", "GE", "LT", "GT", "LE" };
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2004:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *dbCond[16] = { "T", "RA", "HI", "LS", "CC", "CS", "NE", "EQ", "VC", "VS", "PL", "MI", "GE", "LT", "GT", "LE" };
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2005:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *fpuCond[64] = { "F", "EQ", "OGT", "OGE", "OLT", "OLE", "OGL", "OR", "UN", "UEQ", "UGT", "UGE", "ULT", "ULE", "NE", "T", "SF", "SEQ", "GT", "GE", "LT", "LE", "GL", "GLE", "NGLE", "NGL", "NLE", "NLT", "NGE", "NGT", "SNE", "ST" };
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2006:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[8];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2230:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dbuf, "%d", (signed char)kFactor);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2258:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x00: strcat(commentBuffer, "PI"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2259:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x0B: strcat(commentBuffer, "Log10(2)"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2261:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x0D: strcat(commentBuffer, "Log2(e)"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2262:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x0E: strcat(commentBuffer, "Log10(e)"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2263:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x0F: strcat(commentBuffer, "0.0"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2264:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x30: strcat(commentBuffer, "1n(2)"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2265:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x31: strcat(commentBuffer, "1n(10)"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2266:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x32: strcat(commentBuffer, "100"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2267:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x33: strcat(commentBuffer, "10^1"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2268:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x34: strcat(commentBuffer, "10^2"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2269:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x35: strcat(commentBuffer, "10^4"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2270:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x36: strcat(commentBuffer, "10^8"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2271:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x37: strcat(commentBuffer, "10^16"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2272:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x38: strcat(commentBuffer, "10^32"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2273:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x39: strcat(commentBuffer, "10^64"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2274:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x3A: strcat(commentBuffer, "10^128"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2275:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x3B: strcat(commentBuffer, "10^256"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2276:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x3C: strcat(commentBuffer, "10^512"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2277:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x3D: strcat(commentBuffer, "10^1024"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2278:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x3E: strcat(commentBuffer, "10^2048"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2279:17: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
case 0x3F: strcat(commentBuffer, "10^4096"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2421:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *lineAStr[16] = { "Line-A Initialization",
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2457:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(opcodeBuffer, "DC.W");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2458:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(operandBuffer,"$%4.4x", Disass68kGetWord(addr));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2487:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuffer[1024];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2489:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addressBuffer[32];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2490:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexdumpBuffer[256];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2491:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char labelBuffer[258];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2492:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opcodeBuffer[64];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2493:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char operandBuffer[256];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2494:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char commentBuffer[258];
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2500:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addressBuffer, "$%*.*x :", addrWidth,addrWidth, addr);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2513:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hexdumpBuffer+strlen(hexdumpBuffer), "%2.2x", Disass68kGetWord(addr+j) >> 8);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2515:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hexdumpBuffer+strlen(hexdumpBuffer), "%4.4x", Disass68kGetWord(addr+j));
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:135:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "w");
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:1520:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skip = atoi(option);
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:1620:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *cut, command[32];
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:415:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuffer[16], argbuffer[12];
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:422:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(argbuffer, "$%x", arg);
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:455:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addrbuf[6], spacebuf[2] = "X";
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:458:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addrbuf, "$%x", (Uint16)(arg&0xffff));
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:490:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regname[3];
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:492:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[12], addrbuf[6];
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:519:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addrbuf, "$%x", regvalue & mask);
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:524:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cmdbuf, "dd");
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:74:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(psArgs[1], "rb")) == NULL)
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:127:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(psArgs[1], "wb")) == NULL)
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:275:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[5];
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:511:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int count = atoi(psArgs[arg]);
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:698:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
steps = atoi(psArgv[1]);
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:740:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[40];
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:761:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "CpuOpcodeType & $%x > 0 :once :quiet\n", optype);
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:780:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "pc=$%x :once :quiet\n", nextpc);
data/hatari-2.2.1+dfsg/src/debug/debugdsp.c:293:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
steps = atoi(psArgv[1]);
data/hatari-2.2.1+dfsg/src/debug/debugdsp.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[40];
data/hatari-2.2.1+dfsg/src/debug/debugdsp.c:354:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "DspOpcodeType & $%x > 0 :once :quiet\n", optype);
data/hatari-2.2.1+dfsg/src/debug/debugdsp.c:370:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(command, "pc=$%x :once :quiet\n", nextpc);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char lastResult[10];
data/hatari-2.2.1+dfsg/src/debug/debugui.c:75:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(filename, ".debug");
data/hatari-2.2.1+dfsg/src/debug/debugui.c:169:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(lastResult, "%x", value);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:178:43: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *errstr, *expression = (const char *)psArgs[1];
data/hatari-2.2.1+dfsg/src/debug/debugui.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuestr[12];
data/hatari-2.2.1+dfsg/src/debug/debugui.c:266:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
count = sprintf(valuestr, "$%x", value);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:272:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start, valuestr, count);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:287:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp, input, start-input);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:289:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start, valuestr, count);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:291:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(start, end, strlen(end) + 1);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:332:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[4];
data/hatari-2.2.1+dfsg/src/debug/debugui.c:485:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
exitval = atoi(psArgv[1]);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *psArgs[64], *input;
data/hatari-2.2.1+dfsg/src/debug/debugui.c:586:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sLastCmd[80] = { '\0' };
data/hatari-2.2.1+dfsg/src/debug/debugui.c:731:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *str, buf[32];
data/hatari-2.2.1+dfsg/src/debug/debugui.c:753:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, &(rl_line_buffer[start]), len);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:1074:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(debugCommand, uicommand, sizeof(dbgcommand_t) * debugCommands);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:1075:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&debugCommand[debugCommands], cpucmd, sizeof(dbgcommand_t) * cpucmds);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:1077:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&debugCommand[debugCommands], dspcmd, sizeof(dbgcommand_t) * dspcmds);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:1200:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(path, "r")))
data/hatari-2.2.1+dfsg/src/debug/evaluate.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[OSTACK_MAX + 1];
data/hatari-2.2.1+dfsg/src/debug/evaluate.c:206:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[64];
data/hatari-2.2.1+dfsg/src/debug/evaluate.c:218:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, str, len);
data/hatari-2.2.1+dfsg/src/debug/history.c:236:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
} else if ((fp = fopen(name, "w"))) {
data/hatari-2.2.1+dfsg/src/debug/history.c:265:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
limit = atoi(psArgs[2]);
data/hatari-2.2.1+dfsg/src/debug/history.c:274:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
count = atoi(psArgs[1]);
data/hatari-2.2.1+dfsg/src/debug/profile.c:566:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(out = fopen(fname, "w"))) {
data/hatari-2.2.1+dfsg/src/debug/profile.c:607:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
profile_loop.fp = fopen(profile_loop.filename, "w");
data/hatari-2.2.1+dfsg/src/debug/profile.c:628:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
profile_loop.cpu_limit = atoi(psArgs[3]);
data/hatari-2.2.1+dfsg/src/debug/profile.c:630:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
profile_loop.dsp_limit = atoi(psArgs[4]);
data/hatari-2.2.1+dfsg/src/debug/profile.c:666:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
show = atoi(psArgs[2]);
data/hatari-2.2.1+dfsg/src/debug/symbols.c:294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[23];
data/hatari-2.2.1+dfsg/src/debug/symbols.c:852:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char symchar, buffer[128], name[MAX_SYM_SIZE+1], *buf;
data/hatari-2.2.1+dfsg/src/debug/symbols.c:1018:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb");
data/hatari-2.2.1+dfsg/src/debug/symbols.c:1023:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "r");
data/hatari-2.2.1+dfsg/src/debug/symbols.c:1047:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->addresses, list->names, list->namecount * sizeof(symbol_t));
data/hatari-2.2.1+dfsg/src/debug/symbols.c:1349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[80];
data/hatari-2.2.1+dfsg/src/dim.c:88:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDiskBuffer, pDimFile+32, *pImageSize);
data/hatari-2.2.1+dfsg/src/dim.c:143:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fhdl = fopen(pszFileName, "rb");
data/hatari-2.2.1+dfsg/src/dim.c:163:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDimFile + 32, pBuffer, ImageSize);
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:1934:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frqDMA[11], frqDAC[11], frqDSP[11], frqEXT[11];
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:1935:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char frqSTE[30], frq25Mhz[30], frq32Mhz[30];
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:1936:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dataSize[15];
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:1937:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *matrix_tab[8] = {
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2021:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(frqDSP, "(STe Freq)");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2022:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(frqDMA, "(STe Freq)");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2023:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(frqEXT, "(STe Freq)");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2024:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(frqDAC, "(STe Freq)");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2029:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0: strcpy(frqDSP, " (25 Mhz) "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2030:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 1: strcpy(frqDSP, "(External)"); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2031:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 2: strcpy(frqDSP, " (32 Mhz) "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2032:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy(frqDSP, "undefined "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2037:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0: strcpy(frqDMA, " (25 Mhz) "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2038:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 1: strcpy(frqDMA, "(External)"); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2039:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 2: strcpy(frqDMA, " (32 Mhz) "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2040:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy(frqDMA, "undefined "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2045:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0: strcpy(frqEXT, " (25 Mhz) "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2046:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 1: strcpy(frqEXT, "(External)"); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2047:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 2: strcpy(frqEXT, " (32 Mhz) "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2048:14: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy(frqEXT, "undefined "); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2052:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(frqDAC, " (25 Mhz) ");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2057:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0: strcpy (dataSize, "8 bits stereo"); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2058:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 1: strcpy (dataSize, "16 bits stereo"); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2059:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 2: strcpy (dataSize, "8 bits mono"); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2060:12: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy (dataSize, "undefined"); break;
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2065:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(frqSTE, "Ste Freq : %d Khz", Ste_SampleRates[IoMem_ReadByte(0xff8921) & 0x3]);
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2066:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (frq25Mhz, "25 Mhz Freq : - Khz");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2067:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (frq32Mhz, "32 Mzh Freq : - Khz");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2070:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (frqSTE, "Ste Freq : - Khz");
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2071:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(frq25Mhz, "25 Mhz Freq : %d Khz", Falcon_SampleRates_25Mhz[(IoMem_ReadByte(0xff8935) & 0xf) - 1]);
data/hatari-2.2.1+dfsg/src/falcon/crossbar.c:2072:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(frq32Mhz, "32 Mzh Freq : %d Khz", Falcon_SampleRates_32Mhz[(IoMem_ReadByte(0xff8935) & 0xf) - 1]);
data/hatari-2.2.1+dfsg/src/falcon/dsp.c:301:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dsp_core_save, &dsp_core, sizeof(dsp_core));
data/hatari-2.2.1+dfsg/src/falcon/dsp.c:363:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *spaces[3][4] = {
data/hatari-2.2.1+dfsg/src/falcon/dsp.c:565:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char name[MAX_REGNAME_LEN];
data/hatari-2.2.1+dfsg/src/falcon/dsp.c:641:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reg[MAX_REGNAME_LEN];
data/hatari-2.2.1+dfsg/src/falcon/dsp_core.c:580:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dsp_core.rom[DSP_SPACE_X][0x100], x_rom, sizeof(x_rom));
data/hatari-2.2.1+dfsg/src/falcon/dsp_core.c:581:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&dsp_core.rom[DSP_SPACE_Y][0x100], y_rom, sizeof(y_rom));
data/hatari-2.2.1+dfsg/src/falcon/dsp_cpu.c:125:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str_disasm_memory[2][50]; /* Buffer for memory change text in disasm mode */
data/hatari-2.2.1+dfsg/src/falcon/dsp_cpu.c:742:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr2, ptr1, sizeof(dsp_core));
data/hatari-2.2.1+dfsg/src/falcon/dsp_cpu.c:756:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr1, ptr2, sizeof(dsp_core));
data/hatari-2.2.1+dfsg/src/falcon/dsp_cpu.c:1411:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_disasm_memory[disasm_memory_ptr],"Mem: %c:0x%04x 0x%06x -> 0x%06x", space_c, address, oldvalue, curvalue);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str_instr[80];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str_instr2[120];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char parallelmove_name[64];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:78:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *registers_name[64]={
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:366:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *registers_lmove[8] = {
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:377:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *ea_names[9] = {
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:389:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *cc_name[16] = {
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:560:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr2+offset, "%5.2f%% (%"PRId64", %"PRId64", %d)\n",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:695:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr, "dc $%06x", cur_inst);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:698:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr, "$%06x unknown instruction", cur_inst);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:705:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr, "andi #$%02x,mr", (cur_inst>>8) & BITMASK(8));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:708:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr, "andi #$%02x,ccr", (cur_inst>>8) & BITMASK(8));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:711:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr, "andi #$%02x,omr", (cur_inst>>8) & BITMASK(8));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:722:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:730:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:732:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:742:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:763:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:771:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:773:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:794:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:802:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:804:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:835:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:843:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:845:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:866:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:874:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:876:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:886:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:907:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:915:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:917:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:938:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:946:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:948:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:958:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:979:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:987:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"y:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:989:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name,"x:$%04x",value+0xffc0);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1031:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1036:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "y:$%04x", (cur_inst>>8) & BITMASK(6));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1038:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "x:$%04x", (cur_inst>>8) & BITMASK(6));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1051:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"do #$%04x,p:$%04x",
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1059:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_name[16], name[18];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1091:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"enddo");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1096:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"illegal");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1101:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cond_name[16], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1113:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cond_name[16], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1116:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addr_name, "$%04x", cur_inst & BITMASK(12));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1137:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1139:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1180:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1191:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1193:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1222:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"jmp p:$%04x", cur_inst & BITMASK(12));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1236:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cond_name[16], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1248:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cond_name[16], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1251:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addr_name, "$%04x", cur_inst & BITMASK(12));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1262:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1272:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1274:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1288:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1315:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1326:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1328:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1359:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1369:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1371:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1385:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1412:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1423:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1425:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1454:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"jsr p:$%04x", cur_inst & BITMASK(12));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1459:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dstname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1480:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1482:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1496:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1523:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1534:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1536:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", value);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1565:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_name[16], numreg;
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1598:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16],dstname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1642:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[18], dstname[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1683:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_name[16], srcname[18], dstname[18];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1686:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addr_name, "$%04x",(cur_inst>>8) & BITMASK(6));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1705:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_name[16], srcname[18], dstname[18];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1726:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[16]="",dstname[16]="";
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1744:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dstname, "y:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1746:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dstname, "x:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1752:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1754:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1765:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[18] = "", dstname[18] = "", name[16] = "";
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1783:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dstname, "y:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1785:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dstname, "x:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1791:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1793:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1804:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char srcname[18] = "", dstname[18] = "", name[16] = "";
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1838:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dstname, "y:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1840:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dstname, "x:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1846:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "y:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1848:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(srcname, "x:$%04x", addr);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1863:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"nop");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1880:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"ori #$%02x,mr", (cur_inst>>8) & BITMASK(8));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1883:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"ori #$%02x,ccr", (cur_inst>>8) & BITMASK(8));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1886:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"ori #$%02x,omr", (cur_inst>>8) & BITMASK(8));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1896:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1902:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "y:$%04x",(cur_inst>>8) & BITMASK(6));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1904:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "x:$%04x",(cur_inst>>8) & BITMASK(6));
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1913:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"rep #$%02x", ((cur_inst>>8) & BITMASK(8))
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1919:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[18], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1943:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"reset");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1948:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"rti");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1953:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"rts");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1958:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"stop");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1963:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"swi");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1968:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ccname[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:1997:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(str_instr,"wait");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2014:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char space_name[16], addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2053:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr_name[16];
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2204:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addr_name,"$%04x", ea_mode);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2231:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(addr_name,"$%04x", ea_mode);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char addr1_name[16], addr2_name[16];
data/hatari-2.2.1+dfsg/src/falcon/nvram.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char nvram_filename[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/falcon/nvram.c:66:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(nvram_filename, "rb");
data/hatari-2.2.1+dfsg/src/falcon/nvram.c:72:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(nvram+NVRAM_START, fnvram, NVRAM_LEN);
data/hatari-2.2.1+dfsg/src/falcon/nvram.c:98:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(nvram_filename, "wb");
data/hatari-2.2.1+dfsg/src/fdc.c:655:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char CommandText[ 3 ];
data/hatari-2.2.1+dfsg/src/fdc.c:676:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if ( ( Command & 0xf0 ) == 0x00 ) strcpy ( CommandText , "RE" ); /* Restore */
data/hatari-2.2.1+dfsg/src/fdc.c:677:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xf0 ) == 0x10 ) strcpy ( CommandText , "SE" ); /* Seek */
data/hatari-2.2.1+dfsg/src/fdc.c:678:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xe0 ) == 0x20 ) strcpy ( CommandText , "ST" ); /* Step */
data/hatari-2.2.1+dfsg/src/fdc.c:679:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xe0 ) == 0x40 ) strcpy ( CommandText , "SI" ); /* Step In */
data/hatari-2.2.1+dfsg/src/fdc.c:680:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xe0 ) == 0x60 ) strcpy ( CommandText , "SO" ); /* Step Out */
data/hatari-2.2.1+dfsg/src/fdc.c:681:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xe0 ) == 0x80 ) strcpy ( CommandText , "RS" ); /* Read Sector */
data/hatari-2.2.1+dfsg/src/fdc.c:682:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xe0 ) == 0xa0 ) strcpy ( CommandText , "WS" ); /* Write Sector */
data/hatari-2.2.1+dfsg/src/fdc.c:683:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xf0 ) == 0xc0 ) strcpy ( CommandText , "RA" ); /* Read Address */
data/hatari-2.2.1+dfsg/src/fdc.c:684:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xf0 ) == 0xe0 ) strcpy ( CommandText , "RT" ); /* Read Track */
data/hatari-2.2.1+dfsg/src/fdc.c:685:41: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else if ( ( Command & 0xf0 ) == 0xf0 ) strcpy ( CommandText , "WT" ); /* Write Track */
data/hatari-2.2.1+dfsg/src/fdc.c:686:11: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
else strcpy ( CommandText , "FI" ); /* Force Int */
data/hatari-2.2.1+dfsg/src/fdc.c:1073:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( FDC_DMA.FIFO , &STRam[ Address ] , FDC_DMA_FIFO_SIZE );/* TODO : check we read from a valid RAM location ? */
data/hatari-2.2.1+dfsg/src/file.c:217:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[1024];
data/hatari-2.2.1+dfsg/src/file.c:246:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hDiskFile = fopen(filepath, "rb");
data/hatari-2.2.1+dfsg/src/file.c:311:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hDiskFile = fopen(pszFileName, "wb");
data/hatari-2.2.1+dfsg/src/file.c:335:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hDiskFile = fopen(pszFileName, "rb");
data/hatari-2.2.1+dfsg/src/file.c:471:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pDir, ".%c", PATHSEP);
data/hatari-2.2.1+dfsg/src/file.c:555:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(pDestFileName, "...");
data/hatari-2.2.1+dfsg/src/file.c:598:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(path, mode);
data/hatari-2.2.1+dfsg/src/file.c:935:8: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static TCHAR szTempFileName[MAX_PATH];
data/hatari-2.2.1+dfsg/src/file.c:945:2: [2] (buffer) TCHAR:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
TCHAR lpTempPathBuffer[MAX_PATH];
data/hatari-2.2.1+dfsg/src/floppy.c:958:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pDiskBuffer+Offset, pBuffer, (int)Count*NUMBYTESPERSECTOR);
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:551:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TrackFileName[ FILENAME_MAX ];
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char TrackSide_buf[ 4 + 1 ]; /* "tt.s" + \0 */
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:585:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ( TrackSide_buf , "%02d.%d" , Track , Side );
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:586:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( TrackSide_pointer , TrackSide_buf , 4 );
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1000:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[ 200 ];
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:1082:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ( buf , "type IV force int 0x%x irq=%d index=%d" ,
data/hatari-2.2.1+dfsg/src/floppy_stx.c:374:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FilenameSave[ FILENAME_MAX ];
data/hatari-2.2.1+dfsg/src/floppy_stx.c:416:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FileOut = fopen ( FilenameSave , "wb+" );
data/hatari-2.2.1+dfsg/src/floppy_stx.c:746:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pStxSaveSector->pData , p , pStxSaveSector->SectorSize );
data/hatari-2.2.1+dfsg/src/floppy_stx.c:776:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pStxSaveTrack->pDataWrite , p , pStxSaveTrack->TrackSizeWrite );
data/hatari-2.2.1+dfsg/src/floppy_stx.c:816:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FilenameSave[ FILENAME_MAX ];
data/hatari-2.2.1+dfsg/src/floppy_stx.c:1071:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pStxMain->FileID , p , 4 ); p += 4;
data/hatari-2.2.1+dfsg/src/gemdos.c:92:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dta_pat[TOS_NAMELEN]; /* unused */
data/hatari-2.2.1+dfsg/src/gemdos.c:99:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dta_name[TOS_NAMELEN];
data/hatari-2.2.1+dfsg/src/gemdos.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMode[4]; /* enough for all used fopen() modes: rb/rb+/wb+ */
data/hatari-2.2.1+dfsg/src/gemdos.c:132:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szActualName[MAX_GEMDOS_PATH]; /* used by F_DATIME (0x57) */
data/hatari-2.2.1+dfsg/src/gemdos.c:141:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_GEMDOS_PATH]; /* sfirst path */
data/hatari-2.2.1+dfsg/src/gemdos.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:882:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(handle->szActualName, handle->szMode);
data/hatari-2.2.1+dfsg/src/gemdos.c:1130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nameHost[MAX_UTF8_NAME_LEN];
data/hatari-2.2.1+dfsg/src/gemdos.c:1916:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szActualFileName[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:1966:34: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FileHandles[Index].FileHandle = fopen(szActualFileName, "wb+");
data/hatari-2.2.1+dfsg/src/gemdos.c:1987:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(FileHandles[Index].szMode, "wb+");
data/hatari-2.2.1+dfsg/src/gemdos.c:2032:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szActualFileName[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:2122:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FileHandles[Index].FileHandle = fopen(szActualFileName, ModeStr);
data/hatari-2.2.1+dfsg/src/gemdos.c:2501:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sActualFileName[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:2669:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:2730:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(str, cmd, cmdlen);
data/hatari-2.2.1+dfsg/src/gemdos.c:2860:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szActualFileName[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:2916:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(pDTA->dta_name,"EMULATED.001");
data/hatari-2.2.1+dfsg/src/gemdos.c:2994:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szNewActualFileName[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:2995:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szOldActualFileName[MAX_GEMDOS_PATH];
data/hatari-2.2.1+dfsg/src/gemdos.c:3757:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[TOS_NAMELEN+1];
data/hatari-2.2.1+dfsg/src/gemdos.c:3781:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(name, dta->dta_name, TOS_NAMELEN);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAlert.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlglines[MAX_LINES][50+1];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c:47:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgPrinterName[MAX_DLG_FILENAME];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgRs232OutName[MAX_DLG_FILENAME];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgRs232InName[MAX_DLG_FILENAME];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgMidiInName[MAX_DLG_FILENAME];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgDevice.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgMidiOutName[MAX_DLG_FILENAME];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgpath[DLGPATH_SIZE+1]; /* Path name in the dialog */
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:48:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgfname[DLGFNAME_SIZE+1]; /* Name of the selected file in the dialog */
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgfilenames[SGFS_NUMENTRIES][DLGFILENAMES_SIZE+1]; /* Visible file names in the dialog */
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:146:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(tempstr, " ");
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:468:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFloppy.c:187:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlgname[MAX_FLOPPYDRIVES][64], dlgdiskdir[64];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHardDisk.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char acsi_id_txt[2];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHardDisk.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char scsi_id_txt[2];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHardDisk.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char ide_id_txt[2];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHardDisk.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgname_gdos[64], dlgname_acsi[64];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgHardDisk.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgname_scsi[64], dlgname_ide[64];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgJoystick.c:30:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sSdlStickName[20];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgJoystick.c:63:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sKeyInstruction[24];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgJoystick.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sKeyName[24];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgJoystick.c:75:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *sJoystickNames[JOYSTICK_COUNT] =
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgJoystick.c:156:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sSdlStickName, "0: (none available)");
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgKeyboard.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sc_modval[16];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgKeyboard.c:36:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sc_nomodval[16];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgKeyboard.c:72:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *sc_names[SHORTCUT_KEYS] = {
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgKeyboard.c:98:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sScKeyType[28];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgKeyboard.c:99:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sScKeyName[28];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgKeyboard.c:222:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlgmapfile[44];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMemory.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sTTRamSize[4];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMemory.c:43:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgSnapShotName[36+1];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMemory.c:131:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sTTRamSize, "%3i", memsize);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMemory.c:133:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sTTRamSize, "N/A");
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMemory.c:152:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sTTRamSize, "%3i", memsize);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgMemory.c:156:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sTTRamSize, "%3i", memsize);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgNewDisk.c:31:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char szTracks[3];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgNewDisk.c:35:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgLabel[ DLGNEWDISK_LABEL_SIZE+1 ];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgNewDisk.c:113:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szTracks, "%i", nTracks);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgNewDisk.c:131:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szTracks, "%i", nTracks);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgNewDisk.c:136:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(szTracks, "%i", nTracks);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgRom.c:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDlgTosName[47];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgRom.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDlgCartName[47];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:45:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sVdiWidth[5];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:46:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sVdiHeight[5];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:114:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sMaxWidth[5];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:115:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char sMaxHeight[5];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:253:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiWidth, "%4i", vdiw);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:254:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiHeight, "%4i", vdih);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:265:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiWidth, "%4i", vdiw);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:269:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiWidth, "%4i", vdiw);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:274:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiHeight, "%4i", vdih);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:278:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiHeight, "%4i", vdih);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:288:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiWidth, "%4i", vdiw);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:289:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sVdiHeight, "%4i", vdih);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:370:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sMaxWidth, "%4i", maxw);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:371:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sMaxHeight, "%4i", maxh);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:410:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sMaxWidth, "%4i", maxw);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:414:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sMaxWidth, "%4i", maxw);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:419:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sMaxHeight, "%4i", maxh);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgScreen.c:423:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sMaxHeight, "%4i", maxh);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgSound.c:37:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dlgRecordName[35];
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgSound.c:169:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ConfigureParams.Sound.szYMCaptureFileName, "./hatari.wav");
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:487:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:511:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[80];
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:1432:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pEventOut, &sdlEvent, sizeof(SDL_Event));
data/hatari-2.2.1+dfsg/src/hd6301_cpu.c:309:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char hd6301_str_instr[50];
data/hatari-2.2.1+dfsg/src/hd6301_cpu.c:4963:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(hd6301_str_instr, "0x%02x : unknown instruction", hd6301_cur_inst);
data/hatari-2.2.1+dfsg/src/hdc.c:145:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[80];
data/hatari-2.2.1+dfsg/src/hdc.c:205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buf, inquiry_bytes, count);
data/hatari-2.2.1+dfsg/src/hdc.c:666:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char *pinfo, bootsector[512];
data/hatari-2.2.1+dfsg/src/hdc.c:736:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char c, pid[4];
data/hatari-2.2.1+dfsg/src/hdc.c:780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortname[48];
data/hatari-2.2.1+dfsg/src/hdc.c:831:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb+");
data/hatari-2.2.1+dfsg/src/ide.c:558:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs->fhndl = fopen(filename, "rb+");
data/hatari-2.2.1+dfsg/src/ide.c:561:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bs->fhndl = fopen(filename, "rb");
data/hatari-2.2.1+dfsg/src/ide.c:962:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[40];
data/hatari-2.2.1+dfsg/src/ide.c:966:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
data/hatari-2.2.1+dfsg/src/ide.c:1041:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/hatari-2.2.1+dfsg/src/ide.c:1045:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s->io_buffer, s->identify_data, sizeof(s->identify_data));
data/hatari-2.2.1+dfsg/src/includes/acia.h:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ACIA_Name[ 10 ]; /* IKBD or MIDI */
data/hatari-2.2.1+dfsg/src/includes/avi_record.h:22:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char AviRecordFile[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:17:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sLogFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:18:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sTraceFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:47:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szTosImageFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:49:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCartridgeImageFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:61:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szYMCaptureFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:72:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szOutFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:73:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szInFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:74:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sSccBInFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sSccBOutFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:91:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMappingFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:135:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szMemoryCaptureFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:136:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szAutoSaveFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:195:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDiskZipPath[MAX_FLOPPYDRIVES][FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:196:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDiskFileName[MAX_FLOPPYDRIVES][FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:197:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szDiskImageDirectory[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:222:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szHardDiskDirectories[MAX_HARDDRIVES][FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:233:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sDeviceFile[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:248:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sDeviceFile[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:312:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szPrintToFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:320:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sMidiInFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:321:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sMidiOutFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:322:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sMidiInPortName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:323:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sMidiOutPortName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:391:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char AviRecordFile[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/configuration.h:422:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sConfigFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/floppy.h:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/includes/floppy_stx.h:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileID[ 4 ]; /* Should be "RSY\0" */
data/hatari-2.2.1+dfsg/src/includes/gemdos.h:12:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hd_emulation_dir[FILENAME_MAX]; /* hd emulation directory (Host OS) */
data/hatari-2.2.1+dfsg/src/includes/gemdos.h:13:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_currpath[FILENAME_MAX]; /* current path (Host OS) */
data/hatari-2.2.1+dfsg/src/includes/m68000.h:225:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char PairingArray[ MAX_OPCODE_FAMILY ][ MAX_OPCODE_FAMILY ];
data/hatari-2.2.1+dfsg/src/inffile.c:186:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(prgname, name, offset);
data/hatari-2.2.1+dfsg/src/inffile.c:216:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(prgname, "C:\\");
data/hatari-2.2.1+dfsg/src/inffile.c:250:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
reso = atoi(str);
data/hatari-2.2.1+dfsg/src/inffile.c:527:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(inf, contents, winoffset1);
data/hatari-2.2.1+dfsg/src/inffile.c:695:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(ptr,"w+b");
data/hatari-2.2.1+dfsg/src/inffile.c:703:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(debugfile, "w+b");
data/hatari-2.2.1+dfsg/src/inffile.c:706:7: [2] (tmpfile) tmpfile:
Function tmpfile() has a security flaw on some systems (e.g., older System
V systems) (CWE-377).
fp = tmpfile();
data/hatari-2.2.1+dfsg/src/keymap.c:611:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szString[1024];
data/hatari-2.2.1+dfsg/src/keymap.c:628:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
in = fopen(pszFileName, "r");
data/hatari-2.2.1+dfsg/src/keymap.c:654:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
PCKeyCode = atoi(szString); /* Direct key code? */
data/hatari-2.2.1+dfsg/src/keymap.c:669:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
STScanCode = atoi(p);
data/hatari-2.2.1+dfsg/src/m68000.c:114:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char PairingArray[ MAX_OPCODE_FAMILY ][ MAX_OPCODE_FAMILY ];
data/hatari-2.2.1+dfsg/src/main.c:868:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[24], *keyname;
data/hatari-2.2.1+dfsg/src/memorySnapShot.c:87:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char Temp_FileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/memorySnapShot.c:100:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(pszFileName, pszMode);
data/hatari-2.2.1+dfsg/src/msa.c:183:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pImageBuffer, pMSAImageBuffer, nBytesPerTrack);
data/hatari-2.2.1+dfsg/src/msa.c:402:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pMSABuffer,pImageBuffer, nBytesPerTrack);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_file[16];
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:150:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device_file, "/dev/sg%d", id);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_file[16];
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:206:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device_file, "/dev/sg%d", id);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:215:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device_file, "/dev/sg%d", ++id);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char device_file[16];
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:259:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device_file, "/dev/sg%d", id);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:261:7: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = open(device_file, O_RDWR | O_NONBLOCK);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:320:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[8];
data/hatari-2.2.1+dfsg/src/options.c:542:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64];
data/hatari-2.2.1+dfsg/src/options.c:933:33: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (File_Exists(path) && (fp = fopen(path, "rb")))
data/hatari-2.2.1+dfsg/src/options.c:1155:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
skips = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1169:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1191:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
planes = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1227:16: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
threshold = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1238:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
zoom = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1275:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ConfigureParams.Screen.nMaxWidth = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1279:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ConfigureParams.Screen.nMaxHeight = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1322:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1349:13: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
planes = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1369:39: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ConfigureParams.Screen.nVdiWidth = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1375:40: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ConfigureParams.Screen.nVdiHeight = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1494:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1503:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1715:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memsize = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1727:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
memsize = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1774:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ncpu = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1790:15: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
cpuclock = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/options.c:1990:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
freq = atoi(argv[i]);
data/hatari-2.2.1+dfsg/src/options.c:2005:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
temp = atoi(argv[i]);
data/hatari-2.2.1+dfsg/src/options.c:2087:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ConOutDevice = atoi(argv[i]);
data/hatari-2.2.1+dfsg/src/options.c:2196:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
val = atoi(argv[++i]);
data/hatari-2.2.1+dfsg/src/rs232.c:51:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char InputBuffer_RS232[MAX_RS232INPUT_BUFFER];
data/hatari-2.2.1+dfsg/src/rs232.c:205:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hComOut = fopen(ConfigureParams.RS232.szOutFileName, "wb");
data/hatari-2.2.1+dfsg/src/rs232.c:230:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hComIn = fopen(ConfigureParams.RS232.szInFileName, "rb");
data/hatari-2.2.1+dfsg/src/scandir.c:100:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p->d_name, d->d_name, p->d_reclen + 1);
data/hatari-2.2.1+dfsg/src/scandir.c:200:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(findIn, ".\\*");
data/hatari-2.2.1+dfsg/src/scandir.c:204:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(findIn, ".\\*");
data/hatari-2.2.1+dfsg/src/scandir.c:262:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tempDir, dir, sizeof(struct dirent*)*NDir);
data/hatari-2.2.1+dfsg/src/scc.c:108:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
scc[1].rd_handle = open(ConfigureParams.RS232.sSccBInFileName, O_RDWR | O_NONBLOCK);
data/hatari-2.2.1+dfsg/src/scc.c:137:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
scc[1].rd_handle = open(ConfigureParams.RS232.sSccBInFileName, O_RDONLY | O_NONBLOCK);
data/hatari-2.2.1+dfsg/src/scc.c:146:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
scc[1].wr_handle = open(ConfigureParams.RS232.sSccBOutFileName,
data/hatari-2.2.1+dfsg/src/screen.c:404:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hint[2] = { '0' + ConfigureParams.Screen.nRenderScaleQuality, 0 };
data/hatari-2.2.1+dfsg/src/screen.c:410:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hint[2] = { '0' + ConfigureParams.Screen.bUseVsync, 0 };
data/hatari-2.2.1+dfsg/src/screen.c:727:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sIconFileName[FILENAME_MAX];
data/hatari-2.2.1+dfsg/src/screen.c:1113:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&pFrameBuffer->HBLPalettes[y*16],HBLPalette,sizeof(short int)*16);
data/hatari-2.2.1+dfsg/src/screen.c:1122:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(PrevHBLPalette, HBLPalettes, sizeof(Uint16)*16);
data/hatari-2.2.1+dfsg/src/screenConvert.c:488:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hvram_column, fvram_line, vw<<1);
data/hatari-2.2.1+dfsg/src/screenConvert.c:711:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
data/hatari-2.2.1+dfsg/src/screenConvert.c:783:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
data/hatari-2.2.1+dfsg/src/screenConvert.c:857:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
data/hatari-2.2.1+dfsg/src/screenConvert.c:923:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hvram_line, hvram_line - pitch, scrwidth * nBytesPerPixel);
data/hatari-2.2.1+dfsg/src/screenSnapShot.c:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dummy[5];
data/hatari-2.2.1+dfsg/src/screenSnapShot.c:62:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
num = atoi(dummy);
data/hatari-2.2.1+dfsg/src/screenSnapShot.c:82:7: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "wb");
data/hatari-2.2.1+dfsg/src/shortcut.c:253:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FileNameB[ FILENAME_MAX ];
data/hatari-2.2.1+dfsg/src/sound.c:1274:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_ptr = fopen( "hatari_250.wav", "rb+");
data/hatari-2.2.1+dfsg/src/sound.c:1279:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file_ptr = fopen( "hatari_250.wav", "wb");
data/hatari-2.2.1+dfsg/src/stMemory.c:150:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&STRam[addr], src, len);
data/hatari-2.2.1+dfsg/src/statusbar.c:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAX_MESSAGE_LEN+1];
data/hatari-2.2.1+dfsg/src/statusbar.c:292:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *text[MAX_DRIVE_LEDS] = { "A:", "B:", "HD:" };
data/hatari-2.2.1+dfsg/src/statusbar.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FdcText[FDC_MSG_MAX_LEN];
data/hatari-2.2.1+dfsg/src/statusbar.c:295:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JoysticksText[JOYSTICK_COUNT+1];
data/hatari-2.2.1+dfsg/src/statusbar.c:497:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[200]; /* large enough for any message */
data/hatari-2.2.1+dfsg/src/statusbar.c:558:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
end += sprintf(end, "%d", size / 1024);
data/hatari-2.2.1+dfsg/src/statusbar.c:560:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
end += sprintf(end, ".25");
data/hatari-2.2.1+dfsg/src/statusbar.c:562:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
end += sprintf(end, ".5");
data/hatari-2.2.1+dfsg/src/statusbar.c:565:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
end += sprintf(end, "/%i", ConfigureParams.Memory.TTRamSize_KB/1024);
data/hatari-2.2.1+dfsg/src/statusbar.c:628:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
end += sprintf(end, " %d Hz" , nScreenRefreshRate);
data/hatari-2.2.1+dfsg/src/statusbar.c:814:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char FdcOld[FDC_MSG_MAX_LEN] = "";
data/hatari-2.2.1+dfsg/src/statusbar.c:815:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char FdcNew[FDC_MSG_MAX_LEN];
data/hatari-2.2.1+dfsg/src/statusbar.c:816:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char JoysticksOld[JOYSTICK_COUNT+1] = "";
data/hatari-2.2.1+dfsg/src/statusbar.c:817:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char JoysticksNew[JOYSTICK_COUNT+1];
data/hatari-2.2.1+dfsg/src/statusbar.c:892:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fscount[5];
data/hatari-2.2.1+dfsg/src/str.c:275:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mapUnicodeToAtari[512];
data/hatari-2.2.1+dfsg/src/str.c:583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_hex[ 200*3 ]; /* max for 200 bytes per line */
data/hatari-2.2.1+dfsg/src/str.c:584:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf_ascii[ 200 ];
data/hatari-2.2.1+dfsg/src/str.c:598:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ( p_h , "%2.2x " , c );
data/hatari-2.2.1+dfsg/src/str.c:601:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf ( p_a , "%c" , c );
data/hatari-2.2.1+dfsg/src/tos.c:199:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pCputype040[58] = {
data/hatari-2.2.1+dfsg/src/tos.c:217:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pCputype060[58] = {
data/hatari-2.2.1+dfsg/src/tos.c:236:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pCacheflush[10] = {
data/hatari-2.2.1+dfsg/src/tos.c:241:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pCacheflush2[14] = {
data/hatari-2.2.1+dfsg/src/tos.c:247:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pCacheflush3[12] = {
data/hatari-2.2.1+dfsg/src/tos.c:253:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pCacheflush4[12] = {
data/hatari-2.2.1+dfsg/src/tos.c:259:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pColdboot1[10] = {
data/hatari-2.2.1+dfsg/src/tos.c:263:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char const pColdboot2[6] = {
data/hatari-2.2.1+dfsg/src/tos.c:773:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&RomMem[pPatch->Address], pPatch->pNewData, pPatch->Size);
data/hatari-2.2.1+dfsg/src/tos.c:1093:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pFakeTosMem, FakeTos_data, TosSize);
data/hatari-2.2.1+dfsg/src/tos.c:1137:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&STRam[TosAddress], pTosFile, TosSize);
data/hatari-2.2.1+dfsg/src/tos.c:1139:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&RomMem[TosAddress], pTosFile, TosSize);
data/hatari-2.2.1+dfsg/src/uae-cpu/build68k.c:70:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tablef = fopen("table68k","r");
data/hatari-2.2.1+dfsg/src/uae-cpu/build68k.c:83:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char opcstr[256];
data/hatari-2.2.1+dfsg/src/uae-cpu/fpp.c:118:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/fpp.c:161:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/fpp.c:164:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str, "%.16Le", src);
data/hatari-2.2.1+dfsg/src/uae-cpu/fpp.c:166:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (str, "%.16e", src);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:103:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char exactCpuCycles[256]; /* Space to store return string for exact cpu cycles */
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:121:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:125:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen ("frequent.68k", "r");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:154:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char endlabelstr[80];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:211:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:218:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ilong_prefetch(%d)", r);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:220:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ilong(%d)", r);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:226:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:233:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_iword_prefetch(%d)", r);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:235:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_iword(%d)", r);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:241:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[80];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:248:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ibyte_prefetch(%d)", r);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:250:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer, "get_ibyte(%d)", r);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:581:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char getcode[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:586:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (getcode, "get_long(srca)");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:588:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (getcode, "(uae_s32)(uae_s16)get_word(srca)");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:618:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:623:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char putcode[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:628:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (putcode, "put_long(srca,");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:630:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (putcode, "put_word(srca,");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:669:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:688:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char vstr[100], sstr[100], dstr[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:689:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char usstr[100], udstr[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:690:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char unsstr[100], undstr[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:694:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((uae_s8)(");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:695:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uae_u8)(");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:698:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((uae_s16)(");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:699:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uae_u16)(");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:702:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (vstr, "((uae_s32)(");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:703:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy (usstr, "((uae_u32)(");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:713:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (vstr, "))");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:715:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (dstr, "))");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:717:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (sstr, "))");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:721:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (udstr, "))");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:723:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (usstr, "))");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:729:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (undstr, "))");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:731:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat (unsstr, "))");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1792:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1812:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1825:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles*2);", insn_n_cycles);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1839:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(exactCpuCycles," return (%i+retcycles*2);", insn_n_cycles);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1913:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1915:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1954:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1956:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1988:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:1990:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2023:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2025:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2055:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2057:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2087:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2089:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2122:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2124:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2160:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2162:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (6+retcycles*2);");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2710:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[100];
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2714:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "((opcode >> %d) & %d)", pos, smsk);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2716:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (source, "(opcode & %d)", smsk);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2753:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (endlabelstr, "endlabel%d", endlabelno);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2843:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
headerfile = fopen ("cputbl.h", "wb");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2844:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
stblfile = fopen ("cpustbl.c", "wb");
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:226:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (icountfilename (), "w");
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:337:12: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen (icountfilename (), "r");
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:341:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[20];
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:408:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:412:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"D%d", reg);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:415:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"A%d", reg);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:418:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"(A%d)", reg);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:421:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"(A%d)+", reg);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:424:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"-(A%d)", reg);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:429:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"(A%d,$%04x) == $%08lx", reg, disp16 & 0xffff,
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:443:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:444:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"A%d, ",reg);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:465:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"(A%d, %c%d.%c*%d, $%02x) == $%08lx", reg,
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:475:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"(PC,$%04x) == $%08lx", disp16 & 0xffff,(unsigned long)addr);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:489:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[10];
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:490:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (name,"PC, ");
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:511:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"(PC, %c%d.%c*%d, $%02x) == $%08lx", dp & 0x8000 ? 'A' : 'D',
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:517:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"$%08lx", (unsigned long)(uae_s32)(uae_s16)get_iword_1 (m68kpc_offset));
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:521:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"$%08lx", (unsigned long)get_ilong_1 (m68kpc_offset));
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:527:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"#$%02x", (unsigned int)(get_iword_1 (m68kpc_offset) & 0xff));
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:531:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"#$%04x", (unsigned int)(get_iword_1 (m68kpc_offset) & 0xffff));
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:535:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"#$%08lx", (unsigned long)(get_ilong_1 (m68kpc_offset)));
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:545:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"#$%02x", (unsigned int)(offset & 0xff));
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:550:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"#$%04x", (unsigned int)(offset & 0xffff));
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:555:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"#$%08lx", (unsigned long)offset);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:559:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buffer,"#$%08lx", (unsigned long)offset);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:1780:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (saved_bytes, regs.pc_p, 20);
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:1986:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char instrname[20],*ccpt;
data/hatari-2.2.1+dfsg/src/uae-cpu/readcpu.c:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mnemonic[10];
data/hatari-2.2.1+dfsg/src/uae-cpu/readcpu.h:75:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bitpos[16];
data/hatari-2.2.1+dfsg/src/uae-cpu/sysdeps.h:61:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define memcpy q_memcpy
data/hatari-2.2.1+dfsg/src/uae-cpu/sysdeps.h:65:20: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define creat(x,y) open("T:creat",O_CREAT|O_RDWR|O_TRUNC,777)
data/hatari-2.2.1+dfsg/src/unzip.c:327:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fin=fopen(path,"rb");
data/hatari-2.2.1+dfsg/src/unzip.c:723:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1];
data/hatari-2.2.1+dfsg/src/video.c:3312:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSTScreen, pVideoRaster, SCREENBYTES_MONOLINE);
data/hatari-2.2.1+dfsg/src/video.c:3503:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSTScreen, pVideoRaster, SCREENBYTES_LEFT);
data/hatari-2.2.1+dfsg/src/video.c:3511:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pSTScreen+SCREENBYTES_LEFT-BORDERBYTES_LEFT_2_STE+4, pVideoRaster+VideoOffset+4, BORDERBYTES_LEFT_2_STE-4 );
data/hatari-2.2.1+dfsg/src/video.c:3514:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ( pSTScreen, pVideoRaster+BORDERBYTES_LEFT_2_STE-SCREENBYTES_LEFT+VideoOffset, SCREENBYTES_LEFT );
data/hatari-2.2.1+dfsg/src/video.c:3523:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSTScreen+SCREENBYTES_LEFT-2, pVideoRaster, 2);
data/hatari-2.2.1+dfsg/src/video.c:3536:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSTScreen+SCREENBYTES_LEFT-4*2, pVideoRaster, 4*2);
data/hatari-2.2.1+dfsg/src/video.c:3551:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSTScreen+SCREENBYTES_LEFT, pVideoRaster, SCREENBYTES_MIDDLE-106);
data/hatari-2.2.1+dfsg/src/video.c:3560:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSTScreen+SCREENBYTES_LEFT, pVideoRaster, SCREENBYTES_MIDDLE);
data/hatari-2.2.1+dfsg/src/video.c:3573:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pSTScreen+SCREENBYTES_LEFT+SCREENBYTES_MIDDLE, pVideoRaster, SCREENBYTES_RIGHT);
data/hatari-2.2.1+dfsg/src/wavFormat.c:92:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
WavFileHndl = fopen(pszWavFileName, "wb");
data/hatari-2.2.1+dfsg/src/xbios.c:66:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[256];
data/hatari-2.2.1+dfsg/src/xbios.c:74:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, txt, len);
data/hatari-2.2.1+dfsg/src/zip.c:99:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_inzip[ZIP_PATH_MAX];
data/hatari-2.2.1+dfsg/src/zip.c:458:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename_inzip[ZIP_PATH_MAX];
data/hatari-2.2.1+dfsg/tests/keymap/keytest.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[128];
data/hatari-2.2.1+dfsg/tests/keymap/keytest.c:162:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf (buf, "[1][Mod state: $%02x (%d)|Scan code: $%02x (%d)|ASCII code: $%02x (%d)][ OK ]",
data/hatari-2.2.1+dfsg/tests/natfeats/natfeats.c:110:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/hatari-2.2.1+dfsg/tests/tosboot/disk/common.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[64];
data/hatari-2.2.1+dfsg/tools/debugger/gst2ascii.c:293:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[23];
data/hatari-2.2.1+dfsg/tools/debugger/gst2ascii.c:841:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(fp = fopen(filename, "rb"))) {
data/hatari-2.2.1+dfsg/tools/debugger/gst2ascii.c:870:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(list->addresses, list->names, list->count * sizeof(symbol_t));
data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c:221:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dstdot, ".st");
data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c:224:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(dstdot, ".msa");
data/hatari-2.2.1+dfsg/src/cart.c:113:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ConfigureParams.Rom.szCartridgeImageFileName) > 0 &&
data/hatari-2.2.1+dfsg/src/cart.c:135:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(ConfigureParams.Rom.szCartridgeImageFileName) > 0)
data/hatari-2.2.1+dfsg/src/cfgopts.c:166:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (strncmp(fptr, header, strlen(header)));
data/hatari-2.2.1+dfsg/src/cfgopts.c:334:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int headerlen = strlen(header);
data/hatari-2.2.1+dfsg/src/change.c:597:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(cmdline+i-1, cmdline+i, strlen(cmdline+i)+1);
data/hatari-2.2.1+dfsg/src/configuration.c:740:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ConfigureParams.Keyboard.szMappingFileName, "");
data/hatari-2.2.1+dfsg/src/configuration.c:847:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(ConfigureParams.Rom.szCartridgeImageFileName, "");
data/hatari-2.2.1+dfsg/src/configuration.c:879:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(psHomeDir) < sizeof(sConfigFileName)-13)
data/hatari-2.2.1+dfsg/src/configuration.c:977:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ConfigureParams.Rom.szCartridgeImageFileName) > 0)
data/hatari-2.2.1+dfsg/src/configuration.c:983:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ConfigureParams.Keyboard.szMappingFileName) > 0)
data/hatari-2.2.1+dfsg/src/control.c:264:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(item[i].path, value, FILENAME_MAX-1);
data/hatari-2.2.1+dfsg/src/control.c:406:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read(ControlFifo, buffer, sizeof(buffer)-1);
data/hatari-2.2.1+dfsg/src/control.c:461:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bytes = read(sock, buffer, sizeof(buffer)-1);
data/hatari-2.2.1+dfsg/src/control.c:557:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(address.sun_path, socketpath, sizeof(address.sun_path));
data/hatari-2.2.1+dfsg/src/control.c:666:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (write(ControlSocket, buffer, strlen(buffer)) < 0)
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:27:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc(tablef);
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:30:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc(tablef);
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:248:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc (tablef);
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:258:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc (tablef);
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:267:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc (tablef);
data/hatari-2.2.1+dfsg/src/cpu/build68k.c:308:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (tmp, " ");
data/hatari-2.2.1+dfsg/src/cpu/compat.h:39:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
while (_tcslen (s) > 0 && _tcscspn (s, _T("\t \r\n")) == 0)
data/hatari-2.2.1+dfsg/src/cpu/compat.h:40:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove (s, s + 1, (_tcslen (s + 1) + 1) * sizeof (TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/compat.h:41:8: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = _tcslen (s);
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:1758:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void mmu030_page_fault(uaecptr addr, bool read, int flags, uae_u32 fc)
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:1783:18: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
regs.mmu_ssw |= read ? MMU030_SSW_RW : 0;
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:1789:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
bBusErrorReadWrite = read;
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:1794:23: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
addr, regs.mmu_ssw, read, (flags & MMU030_SSW_SIZE_B) ? 1 : (flags & MMU030_SSW_SIZE_W) ? 2 : 4, fc,
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:2875:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
addr, read, size, fc, mmu030_data_buffer_out, mmu030_ad[idxsize].val, ssw);
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:2878:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.c:3286:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read) {
data/hatari-2.2.1+dfsg/src/cpu/cpummu030.h:54:43: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void mmu030_page_fault(uaecptr addr, bool read, int flags, uae_u32 fc);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:679:36: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!_tcsncmp(tmp, debugregs[i], _tcslen(debugregs[i]))) {
data/hatari-2.2.1+dfsg/src/cpu/debug.c:680:12: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*c) += _tcslen(debugregs[i]);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:900:12: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(*c) += _tcslen(name);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:944:8: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen (p);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1043:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return _tcslen (out);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:1235:58: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy (out + (9 + 4 + 1) * sizeof (TCHAR), ab->name, _tcslen (ab->name) * sizeof (TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2084:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = l1 + _tcslen(l1);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2086:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = l2 + _tcslen(l2);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2088:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = l3 + _tcslen(l3);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2090:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = l4 + _tcslen(l4);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:2092:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = l5 + _tcslen(l5);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3637:16: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = _tcslen(n);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:3933:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = txt + _tcslen (txt);
data/hatari-2.2.1+dfsg/src/cpu/debug.c:4123:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!memcmp (p, name, strlen (name) + 1))
data/hatari-2.2.1+dfsg/src/cpu/debug.c:5117:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < _tcslen(parm); i++) {
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:598:26: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mode == 0 || mode > _tcslen(fsout))
data/hatari-2.2.1+dfsg/src/cpu/fpp_native.c:1155:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen (strp);
data/hatari-2.2.1+dfsg/src/cpu/fpp_softfloat.c:142:26: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (mode == 0 || mode > _tcslen(fsout))
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2581:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (unsstr, "-");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:2582:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (undstr, "~");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5830:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (out, "Q");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5837:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (out," ");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5841:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (ins->suse) strcat (out,",");
data/hatari-2.2.1+dfsg/src/cpu/gencpu.c:5847:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (out, ")");
data/hatari-2.2.1+dfsg/src/cpu/hatari-glue.c:340:14: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*bufsize -= _tcslen (buffer);
data/hatari-2.2.1+dfsg/src/cpu/hatari-glue.c:342:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return buffer + _tcslen (buffer);
data/hatari-2.2.1+dfsg/src/cpu/hatari-glue.c:353:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (format[strlen(format) - 1] != '\n')
data/hatari-2.2.1+dfsg/src/cpu/jit/codegen_x86.c:3925:6: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
if (mismatch)
data/hatari-2.2.1+dfsg/src/cpu/jit/codegen_x86.c:3929:10: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return !mismatch;
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3219:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (out, "Q");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3226:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (out," ");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3230:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if (ins->suse) strcat (out,",");
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3435:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
flags[strlen(flags) - 1] = '\0';
data/hatari-2.2.1+dfsg/src/cpu/jit/gencomp.c:3437:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(flags, "0");
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2295:12: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buffer += _tcslen(buffer);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2370:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
_stprintf(buffer + _tcslen(buffer), _T(" %s"), name);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2423:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = buffer + _tcslen(buffer);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2427:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2433:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2439:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2446:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2451:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2458:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2463:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2469:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2474:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2481:8: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:2493:8: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += _tcslen(p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7972:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = out + _tcslen (out);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:7980:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = p + _tcslen (p);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8173:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < _tcslen(s); i++) {
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8394:6: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(sline) > 100)
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8415:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
to_upper(line, _tcslen(line));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8427:6: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen(ins) == 0)
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8508:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = _tcslen(ins);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8526:10: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ins[_tcslen(ins) - 1] == 'Q' && _tcslen(ins) > 3 && !fp) {
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8526:38: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (ins[_tcslen(ins) - 1] == 'Q' && _tcslen(ins) > 3 && !fp) {
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8528:7: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ins[_tcslen(ins) - 1] = 0;
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8546:14: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (tmp[_tcslen(tmp) - 1] == ' ')
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8547:11: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
tmp[_tcslen(tmp) - 1] = 0;
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8694:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = s + _tcslen(s);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8697:18: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
showea_val(p + _tcslen(p), opcode, addr2, 4);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8777:5: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy (ccpt, ccnames[dp->cc], 2);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8821:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8831:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8834:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8846:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8853:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8859:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8865:20: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8879:28: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8883:27: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8936:21: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8946:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8963:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8966:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8981:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8984:22: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:8988:23: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9003:30: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
TCHAR *p = instrname + _tcslen(instrname);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9068:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (bufsize > _tcslen(segout)) {
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9069:26: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(symbolpos + _tcslen(segout), symbolpos, (_tcslen(symbolpos) + 1) * sizeof(TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9069:55: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(symbolpos + _tcslen(segout), symbolpos, (_tcslen(symbolpos) + 1) * sizeof(TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9070:32: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(symbolpos, segout, _tcslen(segout) * sizeof(TCHAR));
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9071:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bufsize -= _tcslen(segout);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9072:13: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buf += _tcslen(segout);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9073:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
symbolpos += _tcslen(segout);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9166:3: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
_tcsncpy (ccpt, ccnames[dp->cc], 2);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:9189:17: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
instrcode += _tcslen (instrcode);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:10074:42: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void exception2_setup(uaecptr addr, bool read, int size, uae_u32 fc)
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:10084:37: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
void exception2 (uaecptr addr, bool read, int size, uae_u32 fc)
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:10089:29: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
mmu030_page_fault (addr, read, flags, fc);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.c:10094:26: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
exception2_setup(addr, read, size, fc);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.h:767:44: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern void exception2 (uaecptr addr, bool read, int size, uae_u32 fc);
data/hatari-2.2.1+dfsg/src/cpu/newcpu.h:768:49: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
extern void exception2_setup(uaecptr addr, bool read, int size, uae_u32 fc);
data/hatari-2.2.1+dfsg/src/cpu/readcpu.c:710:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (_tcslen (lookuptab[find].name) == 0)
data/hatari-2.2.1+dfsg/src/cpu/sysdeps.h:390:9: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
#define read posixemu_read
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:36:9: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:36:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
#define _tcslen strlen
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:37:9: [1] (buffer) _tcsncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or
automatically resizing strings.
#define _tcsncat strncat
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:37:18: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
#define _tcsncat strncat
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:39:9: [1] (buffer) _tcsncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy strncpy
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:39:18: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
#define _tcsncpy strncpy
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:64:19: [1] (buffer) _tcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = _tcslen(src);
data/hatari-2.2.1+dfsg/src/cpu/uae/string.h:79:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t src_len = strlen(src);
data/hatari-2.2.1+dfsg/src/createBlankImage.c:167:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
LabelSize = strlen ( VolumeLabel );
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:338:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(parameterPtr[0]) == 1)
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:475:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(symbolName+strlen(symbolName), "+%d*%d", dse->size, offset);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:477:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(symbolName+strlen(symbolName), "+%d", reminder);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:810:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commentBuffer += strlen(commentBuffer);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:811:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(commentBuffer+strlen(commentBuffer), "%s", symStr);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:818:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
commentBuffer += strlen(commentBuffer);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:819:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(commentBuffer+strlen(commentBuffer), "$%lx", (signed char)(eWord1 & 0xFF) + opcodeAddr + 2);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:866:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, "(");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:873:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, "[");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:877:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(disassbuf+strlen(disassbuf), "%s", Disass68kNumber(bd));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:888:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, "0");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:894:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, ",");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:900:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, "]");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:906:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, ",");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:909:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(disassbuf+strlen(disassbuf), "%s.%c", Disass68kRegname(xn), c);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:912:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(disassbuf+strlen(disassbuf), "%s.%c*%d", Disass68kRegname(xn), c, 1 << scale);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:917:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, "]");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:930:6: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, ",");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:931:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(disassbuf+strlen(disassbuf), "%s", Disass68kNumber(od));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:936:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(disassbuf, ")");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1024:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(commentBuffer+strlen(commentBuffer), "$%lx", (signed short)eWord1 + *addr - 2);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1132:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(commentBuffer+strlen(commentBuffer), "$%lx", *addr + pcoffset);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1142:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return disassbuf + strlen(disassbuf);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1791:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(operandBuffer, ",");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1810:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(operandBuffer, ",");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1824:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(operandBuffer, ",");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1834:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(operandBuffer, "'");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1835:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp = operandBuffer + strlen(operandBuffer);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1856:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(sp, "'");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1867:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(operandBuffer, "0");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1870:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(operandBuffer, "'");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:1871:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sp = operandBuffer + strlen(operandBuffer);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2041:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbuf += strlen(sp);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2231:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbuf += strlen(dbuf);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2260:17: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
case 0x0C: strcat(commentBuffer, "e"); break;
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2294:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(hasReg) strcat(dbuf, "/");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2300:18: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(hasReg) strcat(dbuf, "/");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2305:7: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(dbuf, "0");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2306:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dbuf += strlen(dbuf);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2465:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(dbuf);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2510:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(hexdumpBuffer, " ");
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2513:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(hexdumpBuffer+strlen(hexdumpBuffer), "%2.2x", Disass68kGetWord(addr+j) >> 8);
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2515:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(hexdumpBuffer+strlen(hexdumpBuffer), "%4.4x", Disass68kGetWord(addr+j));
data/hatari-2.2.1+dfsg/src/debug/68kDisass.c:2530:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t l = strlen(lineBuffer);
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:992:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
normalized = malloc(2*strlen(expression)+1);
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:1050:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstate->arg = strlen(expression)/2;
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:1062:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pstate->argv = malloc(tokens*sizeof(char*)+strlen(normalized)+1);
data/hatari-2.2.1+dfsg/src/debug/breakcond.c:1637:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(cut) > 5) {
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:419:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
assert(strlen(command) < sizeof(cmdbuffer));
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:528:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cmdbuf, "d");
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:540:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(cmdbuf, "m");
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:565:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[1]) != 2 ||
data/hatari-2.2.1+dfsg/src/debug/debugInfo.c:710:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:86:6: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:91:7: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = fgetc(fp);
data/hatari-2.2.1+dfsg/src/debug/debugcpu.c:388:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(arg) < 2)
data/hatari-2.2.1+dfsg/src/debug/debugui.c:72:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = malloc(strlen(path) + strlen(".debug") + 1);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:72:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filename = malloc(strlen(path) + strlen(".debug") + 1);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:234:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inputlen = strlen(input);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:251:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(start, start+2, strlen(start+2)+1);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:274:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(start, end, strlen(end) + 1);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:291:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(start, end, strlen(end) + 1);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:595:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(sLastCmd) > 0)
data/hatari-2.2.1+dfsg/src/debug/debugui.c:675:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:699:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/hatari-2.2.1+dfsg/src/debug/debugui.c:1216:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(olddir, ".");
data/hatari-2.2.1+dfsg/src/debug/log.c:256:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psFormat[strlen(psFormat)-1] != '\n')
data/hatari-2.2.1+dfsg/src/debug/log.c:278:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psFormat[strlen(psFormat)-1] != '\n')
data/hatari-2.2.1+dfsg/src/debug/log.c:471:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/hatari-2.2.1+dfsg/src/debug/symbols.c:91:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(name);
data/hatari-2.2.1+dfsg/src/debug/symbols.c:1124:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/hatari-2.2.1+dfsg/src/debug/vars.c:198:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:526:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(parallelmove_name, "");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2025:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(space_name,"y");
data/hatari-2.2.1+dfsg/src/falcon/dsp_disasm.c:2028:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(space_name,"x");
data/hatari-2.2.1+dfsg/src/falcon/nvram.c:202:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(psHomeDir)+sizeof(sBaseName)+1 < sizeof(nvram_filename))
data/hatari-2.2.1+dfsg/src/file.c:47:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pszFileName);
data/hatari-2.2.1+dfsg/src/file.c:63:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pszFileName);
data/hatari-2.2.1+dfsg/src/file.c:83:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pszFileName) < strlen(pszExtension))
data/hatari-2.2.1+dfsg/src/file.c:83:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pszFileName) < strlen(pszExtension))
data/hatari-2.2.1+dfsg/src/file.c:86:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcasecmp(&pszFileName[strlen(pszFileName)-strlen(pszExtension)], pszExtension))
data/hatari-2.2.1+dfsg/src/file.c:86:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strcasecmp(&pszFileName[strlen(pszFileName)-strlen(pszExtension)], pszExtension))
data/hatari-2.2.1+dfsg/src/file.c:102:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( Filename_old ) >= FILENAME_MAX - strlen ( Extension_new ) )
data/hatari-2.2.1+dfsg/src/file.c:102:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( Filename_old ) >= FILENAME_MAX - strlen ( Extension_new ) )
data/hatari-2.2.1+dfsg/src/file.c:105:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( Filename_old ) < strlen ( Extension_old ) )
data/hatari-2.2.1+dfsg/src/file.c:105:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strlen ( Filename_old ) < strlen ( Extension_old ) )
data/hatari-2.2.1+dfsg/src/file.c:108:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strcasecmp ( Filename_old + strlen(Filename_old) - strlen(Extension_old) , Extension_old ) )
data/hatari-2.2.1+dfsg/src/file.c:108:59: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( !strcasecmp ( Filename_old + strlen(Filename_old) - strlen(Extension_old) , Extension_old ) )
data/hatari-2.2.1+dfsg/src/file.c:111:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy ( Filename_new + strlen ( Filename_new ) - strlen ( Extension_old ) , Extension_new );
data/hatari-2.2.1+dfsg/src/file.c:111:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy ( Filename_new + strlen ( Filename_new ) - strlen ( Extension_old ) , Extension_new );
data/hatari-2.2.1+dfsg/src/file.c:139:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pszFileName) > 2 && pszFileName[2] == ':') // sd:
data/hatari-2.2.1+dfsg/src/file.c:141:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pszFileName) > 3 && pszFileName[3] == ':') // fat:
data/hatari-2.2.1+dfsg/src/file.c:143:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(pszFileName) > 4 && pszFileName[4] == ':') // fat3:
data/hatari-2.2.1+dfsg/src/file.c:176:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (pszFileName[strlen(pszFileName)-1] == PATHSEP)
data/hatari-2.2.1+dfsg/src/file.c:392:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szString = malloc(strlen(pszFileName) + strlen(fmt) + 1);
data/hatari-2.2.1+dfsg/src/file.c:392:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
szString = malloc(strlen(pszFileName) + strlen(fmt) + 1);
data/hatari-2.2.1+dfsg/src/file.c:502:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pDir) + 2 + strlen(pName) + 1 + (pExt ? strlen(pExt) : 0) + 1;
data/hatari-2.2.1+dfsg/src/file.c:502:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pDir) + 2 + strlen(pName) + 1 + (pExt ? strlen(pExt) : 0) + 1;
data/hatari-2.2.1+dfsg/src/file.c:502:55: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(pDir) + 2 + strlen(pName) + 1 + (pExt ? strlen(pExt) : 0) + 1;
data/hatari-2.2.1+dfsg/src/file.c:516:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(filepath);
data/hatari-2.2.1+dfsg/src/file.c:525:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(pName);
data/hatari-2.2.1+dfsg/src/file.c:527:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(&filepath[len++], ".");
data/hatari-2.2.1+dfsg/src/file.c:544:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int srclen = strlen(pSrcFileName);
data/hatari-2.2.1+dfsg/src/file.c:550:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(pDestFileName, pSrcFileName, maxlen/2);
data/hatari-2.2.1+dfsg/src/file.c:556:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcat(pDestFileName, &pSrcFileName[strlen(pSrcFileName)-maxlen/2+1]);
data/hatari-2.2.1+dfsg/src/file.c:761:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outpos = strlen(pTempName);
data/hatari-2.2.1+dfsg/src/file.c:789:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outpos = strlen(pTempName);
data/hatari-2.2.1+dfsg/src/file.c:884:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(path)-1;
data/hatari-2.2.1+dfsg/src/file.c:907:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(path);
data/hatari-2.2.1+dfsg/src/floppy.c:88:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ConfigureParams.DiskImage.szDiskFileName[i]) > 0)
data/hatari-2.2.1+dfsg/src/floppy.c:315:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szName) > 0)
data/hatari-2.2.1+dfsg/src/floppy.c:317:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *last = &(szName[strlen(szName)-1]);
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:254:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen ( FileName );
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:255:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len -= strlen ( ext );
data/hatari-2.2.1+dfsg/src/floppy_ipf.c:259:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncasecmp ( ext , FileName + len , strlen ( ext ) ) == 0 )
data/hatari-2.2.1+dfsg/src/floppy_stx.c:426:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen ( WD1772_SAVE_FILE_ID );
data/hatari-2.2.1+dfsg/src/floppy_stx.c:459:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen ( WD1772_SAVE_SECTOR_ID );
data/hatari-2.2.1+dfsg/src/floppy_stx.c:510:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen ( WD1772_SAVE_TRACK_ID );
data/hatari-2.2.1+dfsg/src/floppy_stx.c:577:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( strncmp ( (char *) p , WD1772_SAVE_FILE_ID , strlen ( WD1772_SAVE_FILE_ID ) ) ) /* +0 ... +5 */
data/hatari-2.2.1+dfsg/src/floppy_stx.c:583:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen ( WD1772_SAVE_FILE_ID );
data/hatari-2.2.1+dfsg/src/gemdos.c:585:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int iIndex = strlen(lpstrPath)-1;
data/hatari-2.2.1+dfsg/src/gemdos.c:1072:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(pszFileName) == 4 && pszFileName[3] == ':')
data/hatari-2.2.1+dfsg/src/gemdos.c:1190:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
diff = strlen(dot) - 4;
data/hatari-2.2.1+dfsg/src/gemdos.c:1200:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(name + 8, dot, strlen(dot) + 1);
data/hatari-2.2.1+dfsg/src/gemdos.c:1202:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
return strlen(name);
data/hatari-2.2.1+dfsg/src/gemdos.c:1204:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/hatari-2.2.1+dfsg/src/gemdos.c:1229:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *name = alloca(strlen(origname) + 3);
data/hatari-2.2.1+dfsg/src/gemdos.c:1232:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pathlen = strlen(path);
data/hatari-2.2.1+dfsg/src/gemdos.c:1247:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path+pathlen, match, maxlen-pathlen);
data/hatari-2.2.1+dfsg/src/gemdos.c:1262:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path+pathlen, match, maxlen-pathlen);
data/hatari-2.2.1+dfsg/src/gemdos.c:1320:4: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(path+pathlen, match, maxlen-pathlen);
data/hatari-2.2.1+dfsg/src/gemdos.c:1361:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i = strlen(dstpath);
data/hatari-2.2.1+dfsg/src/gemdos.c:1409:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(pszDestName, emudrives[Drive-2]->hd_emulation_dir, nDestNameLen);
data/hatari-2.2.1+dfsg/src/gemdos.c:1415:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(pszDestName, emudrives[Drive-2]->hd_emulation_dir, nDestNameLen);
data/hatari-2.2.1+dfsg/src/gemdos.c:1420:3: [1] (buffer) strncat:
Easily used incorrectly (e.g., incorrectly computing the correct maximum
size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, snprintf,
or automatically resizing strings.
strncat(pszDestName, emudrives[Drive-2]->fs_currpath, nDestNameLen);
data/hatari-2.2.1+dfsg/src/gemdos.c:1423:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
minlen = strlen(emudrives[Drive-2]->hd_emulation_dir);
data/hatari-2.2.1+dfsg/src/gemdos.c:1430:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (nDestNameLen < minlen + (int)strlen(pszFileName) + 2)
data/hatari-2.2.1+dfsg/src/gemdos.c:1483:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dirname, filename, dirlen);
data/hatari-2.2.1+dfsg/src/gemdos.c:1510:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(pszDestName);
data/hatari-2.2.1+dfsg/src/gemdos.c:1865:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(emudrives[Drive-2]->hd_emulation_dir)) == 0)
data/hatari-2.2.1+dfsg/src/gemdos.c:2673:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strncat(path,&emudrives[Drive-2]->fs_currpath[strlen(emudrives[Drive-2]->hd_emulation_dir)], sizeof(path)-1);
data/hatari-2.2.1+dfsg/src/gemdos.c:2677:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(path);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAbout.c:49:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((int)strlen(aboutstr) > aboutdlg[0].w)
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAbout.c:57:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
aboutdlg[1].x = (aboutdlg[0].w - strlen(aboutstr)) / 2;
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAlert.c:72:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
txtlen = strlen(text);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAlert.c:128:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
char *t = (char *)malloc(strlen(text)+1);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgAlert.c:150:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
t += strlen(t)+1;
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:449:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
slen = strlen(src);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:450:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
alen = strlen(add);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:521:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zippath = malloc(strlen(zipdir) + strlen(zipfilename) + 1);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:521:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
zippath = malloc(strlen(zipdir) + strlen(zipfilename) + 1);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:606:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(title);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:630:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, path_and_name, FILENAME_MAX);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgFileSelect.c:1001:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(confname, selname, FILENAME_MAX);
data/hatari-2.2.1+dfsg/src/gui-sdl/dlgSound.c:167:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(ConfigureParams.Sound.szYMCaptureFileName) < 4)
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:621:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cursorPos = strlen(txt);
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:648:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(txt) < (size_t)dlg[objnum].w)
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:651:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(&txt[cursorPos])+1);
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:669:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cursorPos < strlen(txt))
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:675:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&txt[cursorPos-1], &txt[cursorPos], strlen(&txt[cursorPos])+1);
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:680:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (cursorPos < strlen(txt))
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:681:52: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&txt[cursorPos], &txt[cursorPos+1], strlen(&txt[cursorPos+1])+1);
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:689:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(txt) < (size_t)dlg[objnum].w)
data/hatari-2.2.1+dfsg/src/gui-sdl/sdlgui.c:691:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(&txt[cursorPos+1], &txt[cursorPos], strlen(&txt[cursorPos])+1);
data/hatari-2.2.1+dfsg/src/inffile.c:171:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int len = strlen(name);
data/hatari-2.2.1+dfsg/src/inffile.c:515:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
inflen = strlen(contents);
data/hatari-2.2.1+dfsg/src/inffile.c:516:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
winlen = strlen(drivewin);
data/hatari-2.2.1+dfsg/src/inffile.c:668:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size = strlen(prgname);
data/hatari-2.2.1+dfsg/src/joy.c:159:69: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strncmp(AxisMappingTable[j].SDLJoystickName, Joy_GetName(i), strlen(AxisMappingTable[j].SDLJoystickName)) == 0)
data/hatari-2.2.1+dfsg/src/keymap.c:643:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szString)>0)
data/hatari-2.2.1+dfsg/src/keymap.c:662:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (*szString == '\\' && strlen(szString) == 2)
data/hatari-2.2.1+dfsg/src/m68000.c:792:38: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
static void M68000_SyncCpuBus ( bool read )
data/hatari-2.2.1+dfsg/src/m68000.c:797:7: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if ( read )
data/hatari-2.2.1+dfsg/src/main.c:838:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(psGlobalConfig, CONFDIR"hatari.cfg", FILENAME_MAX);
data/hatari-2.2.1+dfsg/src/midi.c:563:10: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return fgetc(pMidiFhIn);
data/hatari-2.2.1+dfsg/src/nf_scsidrv.c:190:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(busName, BUS_NAME, 20);
data/hatari-2.2.1+dfsg/src/options.c:518:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(opt->str);
data/hatari-2.2.1+dfsg/src/options.c:521:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(opt->arg);
data/hatari-2.2.1+dfsg/src/options.c:874:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(src) >= dstlen)
data/hatari-2.2.1+dfsg/src/options.c:1383:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(argv[i]) != 1 ||
data/hatari-2.2.1+dfsg/src/options.c:1396:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
port = argv[i][strlen(argv[i])-1] - '0';
data/hatari-2.2.1+dfsg/src/options.c:1591:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(argv[i]) == 1)
data/hatari-2.2.1+dfsg/src/options.c:1624:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 2 && isdigit(str[0]) && str[1] == '=')
data/hatari-2.2.1+dfsg/src/options.c:1647:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 2 && isdigit(str[0]) && str[1] == '=')
data/hatari-2.2.1+dfsg/src/options.c:1692:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(str) > 2 && isdigit(str[0]) && str[1] == '=')
data/hatari-2.2.1+dfsg/src/options.c:2235:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(text);
data/hatari-2.2.1+dfsg/src/paths.c:217:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(psDrive);
data/hatari-2.2.1+dfsg/src/paths.c:220:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len += strlen(psHome);
data/hatari-2.2.1+dfsg/src/paths.c:239:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sHatariHomeDir = Str_Alloc(strlen(sUserHomeDir) + 1 + strlen(HATARI_HOME_DIR));
data/hatari-2.2.1+dfsg/src/paths.c:239:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sHatariHomeDir = Str_Alloc(strlen(sUserHomeDir) + 1 + strlen(HATARI_HOME_DIR));
data/hatari-2.2.1+dfsg/src/paths.c:316:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (psExecDir && strlen(psExecDir) > 0)
data/hatari-2.2.1+dfsg/src/rs232.c:314:14: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
iInChar = fgetc(hComIn);
data/hatari-2.2.1+dfsg/src/scandir.c:187:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(dirname);
data/hatari-2.2.1+dfsg/src/scc.c:242:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nb = read(scc[channel].rd_handle, &value, 1);
data/hatari-2.2.1+dfsg/src/sound.c:2068:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!pszCaptureFileName || strlen(pszCaptureFileName) <= 3)
data/hatari-2.2.1+dfsg/src/statusbar.c:375:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
xoffset += strlen(text[i]) * fontw;
data/hatari-2.2.1+dfsg/src/statusbar.c:465:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(item->msg, msg, MAX_MESSAGE_LEN);
data/hatari-2.2.1+dfsg/src/statusbar.c:649:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
offset = (MessageRect.w - strlen(msg) * fontw) / 2;
data/hatari-2.2.1+dfsg/src/str.c:36:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
linelen = strlen(buffer);
data/hatari-2.2.1+dfsg/src/str.c:191:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(src);
data/hatari-2.2.1+dfsg/src/str.c:208:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(src + 8, dot, strlen(dot) + 1);
data/hatari-2.2.1+dfsg/src/str.c:444:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dest, source, destLen);
data/hatari-2.2.1+dfsg/src/uae-cpu/build68k.c:29:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc(tablef);
data/hatari-2.2.1+dfsg/src/uae-cpu/build68k.c:32:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
nextch = fgetc(tablef);
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:726:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (unsstr, "-");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:727:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat (undstr, "~");
data/hatari-2.2.1+dfsg/src/uae-cpu/gencpu.c:2764:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(exactCpuCycles) > 0)
data/hatari-2.2.1+dfsg/src/uae-cpu/newcpu.c:2016:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (ccpt, ccnames[dp->cc], 2);
data/hatari-2.2.1+dfsg/src/uae-cpu/readcpu.c:708:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(lookuptab[find].name) == 0) abort();
data/hatari-2.2.1+dfsg/src/uae-cpu/readcpu.c:763:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
static int mismatch;
data/hatari-2.2.1+dfsg/src/uae-cpu/readcpu.c:856:12: [1] (buffer) mismatch:
Function does not check the second iterator for over-read conditions
(CWE-126). This function is often discouraged by most C++ coding standards
in favor of its safer alternatives provided since C++14. Consider using a
form of this function that checks the second iterator before potentially
overflowing it.
return mismatch;
data/hatari-2.2.1+dfsg/src/unzip.c:709:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szFileName) >= UNZ_MAXFILENAMEINZIP)
data/hatari-2.2.1+dfsg/src/ymFormat.c:39:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!filename || strlen(filename) <= 0)
data/hatari-2.2.1+dfsg/src/zip.c:136:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
filelist[i] = (char *)malloc(strlen(filename_inzip) + 1);
data/hatari-2.2.1+dfsg/src/zip.c:259:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(zip->names[i]) > strlen(dir))
data/hatari-2.2.1+dfsg/src/zip.c:259:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(zip->names[i]) > strlen(dir))
data/hatari-2.2.1+dfsg/src/zip.c:261:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncasecmp(zip->names[i], dir, strlen(dir)) == 0)
data/hatari-2.2.1+dfsg/src/zip.c:264:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
temp = (char *)(temp + strlen(dir));
data/hatari-2.2.1+dfsg/src/zip.c:285:8: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(subdir, temp, slash+1);
data/hatari-2.2.1+dfsg/src/zip.c:424:6: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, files->names[i], ZIP_PATH_MAX);
data/hatari-2.2.1+dfsg/src/zip.c:433:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(name, files->names[0], ZIP_PATH_MAX);
data/hatari-2.2.1+dfsg/src/zip.c:551:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(path, pszZipPath, ZIP_PATH_MAX);
data/hatari-2.2.1+dfsg/tools/debugger/gst2ascii.c:264:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int i, len = strlen(name);
data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c:46:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (text[strlen(text)-1] != '\n')
data/hatari-2.2.1+dfsg/tools/hmsa/hmsa.c:211:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dstfile = malloc(strlen(srcfile) + 6);
ANALYSIS SUMMARY:
Hits = 2089
Lines analyzed = 217771 in approximately 5.74 seconds (37962 lines/second)
Physical Source Lines of Code (SLOC) = 161107
Hits@level = [0] 3116 [1] 363 [2] 1206 [3] 14 [4] 500 [5] 6
Hits@level+ = [0+] 5205 [1+] 2089 [2+] 1726 [3+] 520 [4+] 506 [5+] 6
Hits/KSLOC@level+ = [0+] 32.3077 [1+] 12.9665 [2+] 10.7134 [3+] 3.22767 [4+] 3.14077 [5+] 0.0372423
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.