Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/shogivar-1.55b/gtk/xoptions.c
Examining data/shogivar-1.55b/gtk/gui.h
Examining data/shogivar-1.55b/gtk/xtimer.c
Examining data/shogivar-1.55b/gtk/gui.c
Examining data/shogivar-1.55b/menus.h
Examining data/shogivar-1.55b/gettext.h
Examining data/shogivar-1.55b/menus.c
Examining data/shogivar-1.55b/frontend.h
Examining data/shogivar-1.55b/backend.h
Examining data/shogivar-1.55b/dialogs.h
Examining data/shogivar-1.55b/dialogs.c
Examining data/shogivar-1.55b/draw.h
Examining data/shogivar-1.55b/draw.c
Examining data/shogivar-1.55b/backend.c
Examining data/shogivar-1.55b/common.h
FINAL RESULTS:
data/shogivar-1.55b/backend.c:453:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ASTR, "%s %s %d", Pieces[K].Name, Pieces[K].sname, Pieces[K].number);
data/shogivar-1.55b/backend.c:455:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(HelpSTR, "%s %s %s %s %d", ExtraPiece, Pieces[K].Name, Pieces[K].sname, spaces, Pieces[K].number);
data/shogivar-1.55b/backend.c:467:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.Caption, "Adding %s %ss - [Press Right Button When Finished]", ExtraPiece, Pieces[abs(Selection)].Name);
data/shogivar-1.55b/backend.c:657:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "%s promotes", PromPieceSTR);
data/shogivar-1.55b/backend.c:660:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.Caption, "Double Click on new %s if not promoting.", Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:961:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ElapsedSTR, Board.WhiteClock.Caption);
data/shogivar-1.55b/backend.c:963:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.WhiteClock.Caption, ElapsedSTR);
data/shogivar-1.55b/backend.c:965:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ElapsedSTR, Board.BlackClock.Caption);
data/shogivar-1.55b/backend.c:967:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.BlackClock.Caption, ElapsedSTR);
data/shogivar-1.55b/backend.c:1285:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:1310:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if(f4 = fopen((sprintf(StringTmp, CONFIGFILE), StringTmp), "r")) { // [HGM] allow for failing
data/shogivar-1.55b/backend.c:1480:20: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
if(f4 = fopen((sprintf(StringTmp, CONFIGFILE), StringTmp), "w")) {
data/shogivar-1.55b/backend.c:1805:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ShortScore[I], CMoveSTR);
data/shogivar-1.55b/backend.c:1822:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LeftBit, ShortScore[I]); LeftBit[J-1] = 0;
data/shogivar-1.55b/backend.c:1826:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(RightBit, ShortScore[I]+J);
data/shogivar-1.55b/backend.c:1829:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ShortScore[I], "%s%s", LeftBit, RightBit);
data/shogivar-1.55b/backend.c:1842:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ShortScore[I], Score[I].Caption);
data/shogivar-1.55b/backend.c:1844:40: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(ShortScore[I][J-1] == ' ' ) { strcpy(TmpSTR, ShortScore[I]+J); strcpy(ShortScore[I], TmpSTR); OldScore = 1; }
data/shogivar-1.55b/backend.c:1844:73: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(ShortScore[I][J-1] == ' ' ) { strcpy(TmpSTR, ShortScore[I]+J); strcpy(ShortScore[I], TmpSTR); OldScore = 1; }
data/shogivar-1.55b/backend.c:1852:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LeftBit, ShortScore[I]); LeftBit[J-1] = 0;
data/shogivar-1.55b/backend.c:1856:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(RightBit, ShortScore[I]+J);
data/shogivar-1.55b/backend.c:1859:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ShortScore[I], "%s%s", LeftBit, RightBit);
data/shogivar-1.55b/backend.c:1863:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Score[I].Caption, ShortScore[I]);
data/shogivar-1.55b/backend.c:1883:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TmpSTR, " %s", Pieces[abs(CapRef[I])].sname);
data/shogivar-1.55b/backend.c:1884:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(BlackDrop[Z], TmpSTR);
data/shogivar-1.55b/backend.c:1885:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(InHand[I] > 1 ) { strcpy(TmpSTR, BlackDrop[Z]); sprintf(BlackDrop[Z], "%sx%d", TmpSTR, InHand[I]); }
data/shogivar-1.55b/backend.c:1885:53: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(InHand[I] > 1 ) { strcpy(TmpSTR, BlackDrop[Z]); sprintf(BlackDrop[Z], "%sx%d", TmpSTR, InHand[I]); }
data/shogivar-1.55b/backend.c:1893:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(TmpSTR, " %s", Pieces[abs(CapRef[I])].sname);
data/shogivar-1.55b/backend.c:1894:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(WhiteDrop[Z], TmpSTR);
data/shogivar-1.55b/backend.c:1895:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(InHand[I] > 1 ) { strcpy(TmpSTR, WhiteDrop[Z]); sprintf(WhiteDrop[Z], "%sx%d", TmpSTR, InHand[I]); }
data/shogivar-1.55b/backend.c:1895:53: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(InHand[I] > 1 ) { strcpy(TmpSTR, WhiteDrop[Z]); sprintf(WhiteDrop[Z], "%sx%d", TmpSTR, InHand[I]); }
data/shogivar-1.55b/backend.c:1902:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TmpSTR, WhiteDrop[I]); sprintf(WhiteDrop[I], "%-17s|", TmpSTR);
data/shogivar-1.55b/backend.c:1902:35: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
strcpy(TmpSTR, WhiteDrop[I]); sprintf(WhiteDrop[I], "%-17s|", TmpSTR);
data/shogivar-1.55b/backend.c:1903:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TmpSTR, BlackDrop[I]); sprintf(BlackDrop[I], "%-17s|", TmpSTR);
data/shogivar-1.55b/backend.c:1903:35: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
strcpy(TmpSTR, BlackDrop[I]); sprintf(BlackDrop[I], "%-17s|", TmpSTR);
data/shogivar-1.55b/backend.c:1917:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SavedSTR, Board.CMDiagram.Filename);
data/shogivar-1.55b/backend.c:1962:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TmpSTR, Pieces[abs(Squares[I][J])].sname); TmpSTR[3 - Short] = 0;
data/shogivar-1.55b/backend.c:1983:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.Caption, "Diagram text file %s created.", Board.CMDiagram.Filename); Notice = 1;
data/shogivar-1.55b/backend.c:1997:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SavedSTR, Board.CMDiagram.Filename);
data/shogivar-1.55b/backend.c:2034:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TmpSTR, Pieces[abs(Squares[I][J])].sname); TmpSTR[3 - Short] = 0;
data/shogivar-1.55b/backend.c:2055:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.Caption, "Diagram text file %s created.", Board.CMDiagram.Filename); Notice = 1;
data/shogivar-1.55b/backend.c:2173:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LionNameSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:2174:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.Caption, "Extra %s move - Double Click on Piece to End Move.", LionNameSTR);
data/shogivar-1.55b/backend.c:2304:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PieceName, Pieces[abs(Squares[L][K])].Name);
data/shogivar-1.55b/backend.c:2305:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.PieceID.Caption, PieceName);
data/shogivar-1.55b/backend.c:2327:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:2503:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(W == 0 ) strcat(CMoveSTR, CR "\n x!"); else strcat(CMoveSTR, ",");
data/shogivar-1.55b/backend.c:2504:19: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(W == 3 ) strcat(CMoveSTR, CR "\n ");
data/shogivar-1.55b/backend.c:2570:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(CMoveSTR, TrimSTR(Pieces[abs(Squares[InitFile][InitRank])].sname));
data/shogivar-1.55b/backend.c:2633:59: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Response = MsgBox(" Checkmate! ", 0, (sprintf(StringTmp, "%s Wins!", Turn), StringTmp)); NextTurn();
data/shogivar-1.55b/backend.c:2677:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:2678:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.PieceID.Caption, Pieces[abs(CapRef[I])].Name);
data/shogivar-1.55b/backend.c:2708:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(CMoveSTR, TrimSTR(Pieces[abs(Squares[File][Rank])].sname));
data/shogivar-1.55b/backend.c:2737:101: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(Pieces[abs(CapRef[I])].Promotes > 0 && strcmp(Pieces[abs(CapRef[I])].Name, "Killer Whale") ) strcpy(PromName, Pieces[abs(Pieces[abs(CapRef[I])].Promotes)].Name );else strcpy(PromName, "None");
data/shogivar-1.55b/backend.c:2738:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "Promotes to %s", PromName);
data/shogivar-1.55b/backend.c:3013:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(CMoveSTR + strlen(CMoveSTR), "%s!", TrimSTR(Pieces[abs(Squares[InitFile][InitRank])].sname));
data/shogivar-1.55b/backend.c:3016:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ShortScore[TurnCount + 1], CMoveSTR);
data/shogivar-1.55b/backend.c:3078:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LoadedSTR, Board.CMSave.Filename);
data/shogivar-1.55b/backend.c:3080:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OldChoice, Choice);
data/shogivar-1.55b/backend.c:3085:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Choice, OldChoice);
data/shogivar-1.55b/backend.c:3094:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(f2, "%s", SaveTitleSTR);
data/shogivar-1.55b/backend.c:3096:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Cap, SaveTitleSTR);
data/shogivar-1.55b/backend.c:3097:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:3111:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.LastMove.Caption, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:3113:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:3136:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LoadedSTR, Start.CMSave.Filename);
data/shogivar-1.55b/backend.c:3139:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OldChoice, Choice);
data/shogivar-1.55b/backend.c:3144:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Choice, OldChoice);
data/shogivar-1.55b/backend.c:3152:5: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(f2, "%s", SaveTitleSTR);
data/shogivar-1.55b/backend.c:3153:35: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(strcmp(SaveTitleSTR, "") ) strcpy(Board.Caption, SaveTitleSTR);
data/shogivar-1.55b/backend.c:3168:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.LastMove.Caption, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:3170:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:3330:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OldComputer, Computer);
data/shogivar-1.55b/backend.c:3331:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Computer, Turn2); strcpy(OldTurn, Turn); strcpy(Turn, Turn2);
data/shogivar-1.55b/backend.c:3331:28: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Computer, Turn2); strcpy(OldTurn, Turn); strcpy(Turn, Turn2);
data/shogivar-1.55b/backend.c:3331:51: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Computer, Turn2); strcpy(OldTurn, Turn); strcpy(Turn, Turn2);
data/shogivar-1.55b/backend.c:3335:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
LookMate = 0; LegalMoves = 0; strcpy(Turn, OldTurn);
data/shogivar-1.55b/backend.c:3336:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Computer, OldComputer);
data/shogivar-1.55b/backend.c:3371:256: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(OriginalPiece > 0 && !strcmp(Turn, "White") && strcmp(Computer, "Black") && strcmp(Computer, "Both") && ((BlackKing == 0 && BlackPrince > 0) || (!strcmp(Choice, "Tenjiku") || !strcmp(Choice, "Maka") || !strcmp(Choice, "Tai"))) ) { Response = MsgBox((sprintf(StringTmp, "You have left your %s in Check! ", Pieces[abs(OriginalPiece)].Name), StringTmp), 0, "Black"); Response = 6; }
data/shogivar-1.55b/backend.c:3372:256: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(OriginalPiece < 0 && !strcmp(Turn, "Black") && strcmp(Computer, "White") && strcmp(Computer, "Both") && ((WhiteKing == 0 && WhitePrince > 0) || (!strcmp(Choice, "Tenjiku") || !strcmp(Choice, "Maka") || !strcmp(Choice, "Tai"))) ) { Response = MsgBox((sprintf(StringTmp, "You have left your %s in Check! ", Pieces[abs(OriginalPiece)].Name), StringTmp), 0, "White"); Response = 6; }
data/shogivar-1.55b/backend.c:3374:174: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(OriginalPiece > 0 && !strcmp(Turn, "White") && strcmp(Computer, "Black") && strcmp(Computer, "Both") && (BlackKing == 1 || BlackPrince == 0) ) { Response = MsgBox((sprintf(StringTmp, "You can't leave your %s in Checkb! ", Pieces[abs(OriginalPiece)].Name), StringTmp), 0, "Black"); Response = 7; }
data/shogivar-1.55b/backend.c:3375:174: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(OriginalPiece < 0 && !strcmp(Turn, "Black") && strcmp(Computer, "White") && strcmp(Computer, "Both") && (WhiteKing == 1 || WhitePrince == 0) ) { Response = MsgBox((sprintf(StringTmp, "You can't leave your %s in Checkw! ", Pieces[abs(OriginalPiece)].Name), StringTmp), 0, "White"); Response = 7; }
data/shogivar-1.55b/backend.c:3385:112: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(!strcmp(Choice, "Tenjiku") || !strcmp(Choice, "Maka") || !strcmp(Choice, "Tai") ) { BestTally[0] = 0; strcpy(Turn2, Turn); }
data/shogivar-1.55b/backend.c:3393:8: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "%s %s is in Check!", Turn2, Pieces[abs(OriginalPiece)].Name);
data/shogivar-1.55b/backend.c:3529:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.PieceID.Caption, Pieces[abs(Squares[InitFile][InitRank])].Name);
data/shogivar-1.55b/backend.c:3569:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(VictimSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:3595:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(Notice < 1 ) strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:3617:34: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(Eval == 1 ) { AddTally(); sprintf(Board.Caption, "%-90sEvaluation: %ld", Cap, BestTally[1]); }
data/shogivar-1.55b/backend.c:3628:18: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(Eval == 1 ) sprintf(Board.Caption, "%-90sEvaluation: %d", Cap, Int(BestTally[1]));
data/shogivar-1.55b/backend.c:3652:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, ShortScore[TurnCount]); // Format$(MoveCount) + ". " + ShortScore[TurnCount]
data/shogivar-1.55b/backend.c:3653:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Score[TurnCount].Caption, ShortScore[TurnCount]); strcpy(CMoveSTR, "");
data/shogivar-1.55b/backend.c:3662:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Score[TurnCount].Caption, "%d. %s mate", MoveCount, ShortScore[TurnCount]); // Format$(MoveCount) + ". " + ShortScore[TurnCount] + " mate"
data/shogivar-1.55b/backend.c:3663:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s mate", MoveCount, ShortScore[TurnCount]); // Format$(MoveCount) + ". " + ShortScore[TurnCount] + " mate"
data/shogivar-1.55b/backend.c:3786:26: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(LionPiece == -1 ) strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:3793:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PieceName, Pieces[abs(Squares[L][K])].Name);
data/shogivar-1.55b/backend.c:3794:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.PieceID.Caption, PieceName);
data/shogivar-1.55b/backend.c:3816:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "You must move your %s !", LionNameSTR);
data/shogivar-1.55b/backend.c:3842:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(CMoveSTR, TrimSTR(Pieces[abs(Squares[InitFile][InitRank])].sname));
data/shogivar-1.55b/backend.c:3932:88: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(Mate == 1 ) { GameOver = 1; Response = MsgBox(" Checkmate! ", 0, (sprintf(StringTmp, "%s Wins!", Turn), StringTmp)); NextTurn(); }
data/shogivar-1.55b/backend.c:3944:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
PRINT((sprintf(StringTmp, "%s Shogi - Game Record\n", GameName), StringTmp));
data/shogivar-1.55b/backend.c:3961:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FirstScore, Score[W].Caption);
data/shogivar-1.55b/backend.c:3962:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SecondScore, Score[W + 1].Caption);
data/shogivar-1.55b/backend.c:3966:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "1. - %s%s", SecondScore, Spaces); buf[PrintInc] = '\0'; // tabbing
data/shogivar-1.55b/backend.c:3969:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%d. %s %s%s", K, FirstScore, SecondScore, Spaces); buf[PrintInc] = '\0';
data/shogivar-1.55b/backend.c:3997:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(LSTR, Pieces[Pieces[abs(Squares[File][Rank])].Promotes].Name);
data/shogivar-1.55b/backend.c:3998:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(KSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:3999:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(MessageSTR, "Promote to %s ?", LSTR);
data/shogivar-1.55b/backend.c:4016:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(KSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:4017:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "%s promotes", KSTR);
data/shogivar-1.55b/backend.c:4033:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PromPieceSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:4051:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PromPieceSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:4158:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(PieceName, Pieces[abs(Squares[L][K])].Name);
data/shogivar-1.55b/backend.c:4159:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.PieceID.Caption, PieceName);
data/shogivar-1.55b/backend.c:4175:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(VictimSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:4178:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "The White %scan not be removed", VictimSTR);
data/shogivar-1.55b/backend.c:4181:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "%s removed", Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:4194:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(VictimSTR, Pieces[abs(Squares[File][Rank])].Name);
data/shogivar-1.55b/backend.c:4255:23: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(Forwards != 1 ) strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:4328:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.LastMove.Caption, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:4330:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, Score[TurnCount].Caption); // Format$(MoveCount) + ". " + Score[TurnCount].Caption;
data/shogivar-1.55b/backend.c:4406:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.LastMove.Caption, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:4408:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, Score[TurnCount].Caption); // Format$(MoveCount) + ". " + Score[TurnCount].Caption;
data/shogivar-1.55b/backend.c:4429:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:4543:33: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.Picture = LoadPicture((sprintf(StringTmp, "%s/boards/%s", Direct, Boardbmp), StringTmp));
data/shogivar-1.55b/backend.c:4546:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.White.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "WhiteDn.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:4547:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.Black.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "BlackUp.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:4550:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.White.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "WhiteUp.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:4551:40: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.Black.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "BlackDn.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:4597:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SavedSTR, Board.CMSave.Filename);
data/shogivar-1.55b/backend.c:4620:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(AnswerSTR, InputBoxSTR("Please enter a short description of the game.", "Saved Game Description", SaveTitleSTR));
data/shogivar-1.55b/backend.c:4652:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OldThreat, Threat);
data/shogivar-1.55b/backend.c:4694:46: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(strcmp(Board.Caption, SaveTitleSTR) ) strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:4760:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/General.rul", Direct);
data/shogivar-1.55b/backend.c:4856:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Datafile, "%s/%s.dat", Direct, Choice);
data/shogivar-1.55b/backend.c:4877:6: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
fscanf(f1, "%[^\n\r] %s %d,%d,%d,%d", Cap, Boardbmp, &Drop, &Boardsize, &Prom, &PromDotY);
data/shogivar-1.55b/backend.c:4888:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.LastMove.Caption, LastGoSTR);
data/shogivar-1.55b/backend.c:4889:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.WhiteClock.Caption, WhiteTimeSTR);
data/shogivar-1.55b/backend.c:4890:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.BlackClock.Caption, BlackTimeSTR);
data/shogivar-1.55b/backend.c:4929:35: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.Picture = LoadPicture((sprintf(StringTmp, "%s/boards/%s", Direct, Boardbmp), StringTmp));
data/shogivar-1.55b/backend.c:4930:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:4989:38: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.White.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "WhiteDn.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:4990:38: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.Black.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "BlackUp.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:4992:38: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.White.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "WhiteUp.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:4993:38: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Board.Black.Picture = LoadPicture((sprintf(StringTmp, "%s/%s", Direct, "BlackDn.bmp"), StringTmp));
data/shogivar-1.55b/backend.c:5080:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.PieceID.Caption, "Computer plays %s", Computer); Notice = 1;
data/shogivar-1.55b/backend.c:5104:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/%s.rul", Direct, Choice);
data/shogivar-1.55b/backend.c:5117:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(OldComputer, Computer);
data/shogivar-1.55b/backend.c:5118:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Computer, Turn);
data/shogivar-1.55b/backend.c:5215:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:5226:108: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
if(Pieces[abs(Squares[L][K])].Promotes > 0 && strcmp(Pieces[abs(Squares[L][K])].Name, "Killer Whale") ) sprintf(PromName, "Promotes to %s", Pieces[abs(Pieces[abs(Squares[L][K])].Promotes)].Name); else strcpy(PromName, "Does not promote");
data/shogivar-1.55b/backend.c:5228:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.PieceID.Caption, PromName);
data/shogivar-1.55b/backend.c:5297:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(VictimSTR, Pieces[abs(Squares[InitFile][InitRank])].Name);
data/shogivar-1.55b/backend.c:5362:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Computer, OldComputer);
data/shogivar-1.55b/backend.c:5512:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.LastMove.Caption, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:5514:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:5528:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:5540:22: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(Tabbing != 1 ) strcpy(Board.Caption, Cap);
data/shogivar-1.55b/backend.c:5614:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.LastMove.Caption, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:5616:6: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:5686:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TmpSTR, FirstScore); FirstScore[AB-1] = 0;
data/shogivar-1.55b/backend.c:5687:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(FirstScore, TmpSTR + AB);
data/shogivar-1.55b/backend.c:5699:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(TmpSTR, SecondScore); SecondScore[AB-1] = 0;
data/shogivar-1.55b/backend.c:5700:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(SecondScore, TmpSTR + AB);
data/shogivar-1.55b/backend.c:5802:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ASTR, Pieces[abs(Score[TurnCount].IDStart)].Name);
data/shogivar-1.55b/backend.c:5852:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SavedSTR, Board.CMDiagram.Filename);
data/shogivar-1.55b/backend.c:5866:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(FirstScore, Score[W].Caption);
data/shogivar-1.55b/backend.c:5867:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(SecondScore, Score[W + 1].Caption);
data/shogivar-1.55b/backend.c:5868:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.Caption, strstr(FirstScore, " "));
data/shogivar-1.55b/backend.c:5878:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.Caption, "Score text file %s created.", Board.CMDiagram.Filename); Notice = 1;
data/shogivar-1.55b/backend.c:5901:26: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
Response = MsgBox((sprintf(StringTmp, "You can't leave your %s in Check! ", Pieces[abs(Squares[File][Rank])].Name), StringTmp), 0, Turn2);
data/shogivar-1.55b/backend.c:5931:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ShortScore[TurnCount], Score[TurnCount].Caption);
data/shogivar-1.55b/backend.c:5932:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Board.LastMove.Caption, "%d. %s", MoveCount, ShortScore[TurnCount]);
data/shogivar-1.55b/dialogs.c:270:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, MSG_SIZ, DATADIR "/titles/%sTit.png", general ? general : Choice);
data/shogivar-1.55b/dialogs.c:272:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, MSG_SIZ, DATADIR "/titles/Piece.png");
data/shogivar-1.55b/dialogs.c:458:5: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(helpFile, MSG_SIZ, DATADIR "/help/%sHelp%d.png", Choice, 3 - helpNr);
data/shogivar-1.55b/dialogs.c:470:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(helpFile, MSG_SIZ, DATADIR "/help/%sHelp%d.png", Choice, helpNr);
data/shogivar-1.55b/dialogs.c:552:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(ASTR, "%s %s", ExtraPiece, Pieces[L].Name);
data/shogivar-1.55b/dialogs.c:553:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(Newt, "%-30s %-5s %6d", ASTR, Pieces[L].sname, Pieces[L].number);
data/shogivar-1.55b/dialogs.c:681:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Choice, choice);
data/shogivar-1.55b/dialogs.c:1076:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(old, s);
data/shogivar-1.55b/dialogs.c:1094:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(title, Board.Caption);
data/shogivar-1.55b/draw.c:294:2: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, MSG_SIZ, DATADIR "/pieces/%s%s%d.png", game+skip, suffix, i+1);
data/shogivar-1.55b/draw.c:297:7: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
snprintf(buf, MSG_SIZ, DATADIR "/pieces/Maka%d.png", i < 115 ? i+1 : i - 36);
data/shogivar-1.55b/gtk/gui.c:359:5: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
system(buf); // start new instance on this file
data/shogivar-1.55b/gtk/gui.c:1071:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, filename);
data/shogivar-1.55b/gtk/gui.c:1072:46: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
if(filter && *filter && !strchr(name, '.')) strcat(name, filter+1);
data/shogivar-1.55b/menus.c:288:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Threat, strcmp(Threat, "On") ? "On" : "Off");
data/shogivar-1.55b/menus.c:297:16: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if (!Eval) strcpy(Board.Caption, Cap);
data/shogivar-1.55b/menus.c:298:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Board.PieceID.Caption, Eval ? "Evaluation On" : "Evaluation Off");
data/shogivar-1.55b/menus.c:332:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(Grade, strcmp(Grade, "LessWeak") ? "LessWeak": "Weak");
data/shogivar-1.55b/backend.c:97:20: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
void Randomize() { srand(GetTime()); }
data/shogivar-1.55b/dialogs.c:37:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/shogivar-1.55b/draw.c:65:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/shogivar-1.55b/gtk/gui.c:88:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/shogivar-1.55b/gtk/gui.c:412:5: [3] (random) srandom:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srandom(time(0)); // [HGM] book: make random truly random
data/shogivar-1.55b/gtk/gui.c:468:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
p = getenv("HOME");
data/shogivar-1.55b/gtk/xoptions.c:37:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/shogivar-1.55b/gtk/xtimer.c:66:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/shogivar-1.55b/menus.c:70:14: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
extern char *getenv();
data/shogivar-1.55b/backend.c:77:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[80];
data/shogivar-1.55b/backend.c:91:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *NumSTR (int n) { static char buf[20]; snprintf(buf, 20, "% d", n); return buf; }
data/shogivar-1.55b/backend.c:92:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *CharSTR (int n) { static char buf[2]; buf[0] = n; return buf; }
data/shogivar-1.55b/backend.c:345:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[X] > 1) sprintf(Board.Held[X].Caption, "%d", InHand[X]);
data/shogivar-1.55b/backend.c:354:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[Capture + X] > 1) sprintf(Board.Held[Capture + X].Caption, "%d", InHand[Capture + X]);
data/shogivar-1.55b/backend.c:371:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Held[X].Caption, "%d", InHand[X]);
data/shogivar-1.55b/backend.c:379:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Held[Capture + X].Caption, "%d", InHand[Capture + X]);
data/shogivar-1.55b/backend.c:450:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spaces[50];
data/shogivar-1.55b/backend.c:468:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:469:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:477:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Held[X].Caption, "%d", InHand[X]);
data/shogivar-1.55b/backend.c:482:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Held[Capture + X].Caption, "%d", InHand[Capture + X]);
data/shogivar-1.55b/backend.c:704:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.Caption, "Captured Porpoise becomes a Killer Whale");
data/shogivar-1.55b/backend.c:723:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:724:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "Black");
data/shogivar-1.55b/backend.c:725:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:726:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:731:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:732:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "White to Move");
data/shogivar-1.55b/backend.c:733:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:734:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:755:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.Caption, "You can not add any more pieces!");
data/shogivar-1.55b/backend.c:893:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:894:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:944:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "Game Over");
data/shogivar-1.55b/backend.c:946:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn, "White") ) strcpy(Board.NextMove.Caption, "White to Move"); else strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:946:87: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn, "White") ) strcpy(Board.NextMove.Caption, "White to Move"); else strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:975:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:976:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:989:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:990:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:1310:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(f4 = fopen((sprintf(StringTmp, CONFIGFILE), StringTmp), "r")) { // [HGM] allow for failing
data/shogivar-1.55b/backend.c:1431:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Tenjiku") ) strcpy(Computer, "None");
data/shogivar-1.55b/backend.c:1480:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(f4 = fopen((sprintf(StringTmp, CONFIGFILE), StringTmp), "w")) {
data/shogivar-1.55b/backend.c:1899:35: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(!strcmp(WhiteDrop[1], "|") ) strcat(WhiteDrop[1], " Nothing");
data/shogivar-1.55b/backend.c:1900:35: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
if(!strcmp(BlackDrop[1], "|") ) strcat(BlackDrop[1], " Nothing");
data/shogivar-1.55b/backend.c:1913:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.CMDiagram.DialogTitle, "Create Text Diagram");
data/shogivar-1.55b/backend.c:1919:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !(f3 = fopen(SavedSTR, "w")) ) return;
data/shogivar-1.55b/backend.c:1993:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.CMDiagram.DialogTitle, "Create Small Text Diagram");
data/shogivar-1.55b/backend.c:1999:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !(f3 = fopen(SavedSTR, "w")) ) return;
data/shogivar-1.55b/backend.c:2244:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Black Emperor is in Check!"); Notice = 1;
data/shogivar-1.55b/backend.c:2251:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "White Emperor is in Check!"); Notice = 1;
data/shogivar-1.55b/backend.c:2505:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - L) + 1), (K + 96));
data/shogivar-1.55b/backend.c:2571:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - InitFile) + 1), (96 + InitRank));
data/shogivar-1.55b/backend.c:2574:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "x%d%c", (BoardSizeX - LionVictim.File + 1), (96 + LionVictim.Rank));
data/shogivar-1.55b/backend.c:2577:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "-%d%c", ((BoardSizeX - File) + 1), (Rank + 96));
data/shogivar-1.55b/backend.c:2674:61: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[I] < 2 ) strcpy(Board.Held[I].Caption, ""); else sprintf(Board.Held[I].Caption, "%d", InHand[I]);
data/shogivar-1.55b/backend.c:2709:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "*%d%c", ((BoardSizeX - File) + 1), (Rank + 96));
data/shogivar-1.55b/backend.c:2720:61: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[I] < 2 ) strcpy(Board.Held[I].Caption, ""); else sprintf(Board.Held[I].Caption, "%d", InHand[I]);
data/shogivar-1.55b/backend.c:2737:175: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(Pieces[abs(CapRef[I])].Promotes > 0 && strcmp(Pieces[abs(CapRef[I])].Name, "Killer Whale") ) strcpy(PromName, Pieces[abs(Pieces[abs(CapRef[I])].Promotes)].Name );else strcpy(PromName, "None");
data/shogivar-1.55b/backend.c:3074:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.CMSave.DialogTitle, "Load Game");
data/shogivar-1.55b/backend.c:3081:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(LoadedSTR, "r");
data/shogivar-1.55b/backend.c:3132:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Start.CMSave.DialogTitle, "Load Game");
data/shogivar-1.55b/backend.c:3140:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(LoadedSTR, "r");
data/shogivar-1.55b/backend.c:3188:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn, "White") ) strcpy(Turn, "Black"); else strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:3188:59: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn, "White") ) strcpy(Turn, "Black"); else strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:3222:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn, "White") ) strcpy(Turn, "Black"); else strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:3222:59: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn, "White") ) strcpy(Turn, "Black"); else strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:3381:27: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(OriginalPiece < 0 ) strcpy(Turn2, "White"); else strcpy(Turn2, "Black");
data/shogivar-1.55b/backend.c:3381:56: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(OriginalPiece < 0 ) strcpy(Turn2, "White"); else strcpy(Turn2, "Black");
data/shogivar-1.55b/backend.c:3387:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn2, "Black") ) strcpy(Board.PieceID.Caption, "Checkmate! White wins."); else strcpy(Board.PieceID.Caption, "Checkmate! Black wins.");
data/shogivar-1.55b/backend.c:3387:96: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn2, "Black") ) strcpy(Board.PieceID.Caption, "Checkmate! White wins."); else strcpy(Board.PieceID.Caption, "Checkmate! Black wins.");
data/shogivar-1.55b/backend.c:3496:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[MicroCap - 4] > 1 ) sprintf(Board.Held[MicroCap - 4].Caption, "%d", InHand[MicroCap - 4]);
data/shogivar-1.55b/backend.c:3500:34: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[MicroCap + 4] > 1 ) sprintf(Board.Held[MicroCap + 4].Caption, "%d", InHand[MicroCap + 4]);
data/shogivar-1.55b/backend.c:3509:72: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[I + 4] < 2 ) strcpy(Board.Held[I + 4].Caption, ""); else sprintf(Board.Held[I - 4].Caption, "%d", InHand[I - 4]);
data/shogivar-1.55b/backend.c:3513:72: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[I - 4] < 2 ) strcpy(Board.Held[I - 4].Caption, ""); else sprintf(Board.Held[I - 4].Caption, "%d", InHand[I - 4]);
data/shogivar-1.55b/backend.c:3583:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.Caption, "Move Pieces with Left Mouse Button (Press Right Mouse Button to Finish)");
data/shogivar-1.55b/backend.c:3585:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:3586:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:3633:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:3640:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "Black");
data/shogivar-1.55b/backend.c:3843:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - InitFile) + 1), (96 + InitRank));
data/shogivar-1.55b/backend.c:3845:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "x%d%c", ((BoardSizeX - LionVictim.File) + 1), (96 + LionVictim.Rank));
data/shogivar-1.55b/backend.c:3856:7: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(CMoveSTR, "x!");
data/shogivar-1.55b/backend.c:3867:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - File) + 1), (Rank + 96));
data/shogivar-1.55b/backend.c:3941:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSG_SIZ], *Spaces = " ";
data/shogivar-1.55b/backend.c:3943:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if( !(printer = fopen("printed_scores.txt", "a")) ) return; // [HGM] added
data/shogivar-1.55b/backend.c:3975:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.Caption, "Printing..."); Notice = 1;
data/shogivar-1.55b/backend.c:4089:65: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[Z] < 2 ) strcpy(Board.Held[Z].Caption, ""); else sprintf(Board.Held[Z].Caption, "%d", InHand[Z]);
data/shogivar-1.55b/backend.c:4098:85: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[Capture + Z] < 2 ) strcpy(Board.Held[Capture + Z].Caption, ""); else sprintf(Board.Held[Capture + Z].Caption, "%d", InHand[Capture + Z]);
data/shogivar-1.55b/backend.c:4171:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Select a White piece");
data/shogivar-1.55b/backend.c:4188:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "White to Move");
data/shogivar-1.55b/backend.c:4259:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "No moves to replay!");
data/shogivar-1.55b/backend.c:4317:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:4318:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "White to Move");
data/shogivar-1.55b/backend.c:4321:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "Black");
data/shogivar-1.55b/backend.c:4322:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:4341:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Caption, "Move Replayed (%d of %d ) ; Press [Pause] to continue play.", TurnCount, EndTurn);
data/shogivar-1.55b/backend.c:4343:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Caption, "Move Replayed (%d of %d )", TurnCount, EndTurn);
data/shogivar-1.55b/backend.c:4395:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:4396:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "White to Move");
data/shogivar-1.55b/backend.c:4399:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "Black");
data/shogivar-1.55b/backend.c:4400:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:4503:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[I] > 1 ) sprintf(Board.Held[I].Caption, "%d", InHand[I]);
data/shogivar-1.55b/backend.c:4580:21: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(InHand[I] > 1 ) sprintf(Board.Held[I].Caption, "%d", InHand[I]);
data/shogivar-1.55b/backend.c:4593:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.CMSave.DialogTitle, "Save Game");
data/shogivar-1.55b/backend.c:4598:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f2 = fopen(SavedSTR, "w");
data/shogivar-1.55b/backend.c:4636:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Show Legal Moves - On");
data/shogivar-1.55b/backend.c:4640:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Threat, "On");
data/shogivar-1.55b/backend.c:4642:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(OldThreat, "None");
data/shogivar-1.55b/backend.c:4645:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Threat, "Off");
data/shogivar-1.55b/backend.c:4648:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(OldThreat, "None");
data/shogivar-1.55b/backend.c:4651:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Show Legal Moves - Off");
data/shogivar-1.55b/backend.c:4653:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Threat, "Off");
data/shogivar-1.55b/backend.c:4668:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Auto-Promote On");
data/shogivar-1.55b/backend.c:4670:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Auto-Promote Off");
data/shogivar-1.55b/backend.c:4711:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(ElapsedSTR, "%02d:%02d:%02d", Hrs, Mins, Secs);
data/shogivar-1.55b/backend.c:4757:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[20000];
data/shogivar-1.55b/backend.c:4761:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f = fopen(name, "r"))) {
data/shogivar-1.55b/backend.c:4798:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.Caption, "Select Handicap Pieces - (Press Right Mouse Button to Start Game)");
data/shogivar-1.55b/backend.c:4800:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.Caption, "Select Pieces to Remove - (Press Right Mouse Button When Finished)");
data/shogivar-1.55b/backend.c:4803:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.BlackClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:4804:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.WhiteClock.Caption, "00:00:00");
data/shogivar-1.55b/backend.c:4852:42: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
XA = 0; GameOver = 0; LegalMoves = 0; strcpy(OldThreat, "None");
data/shogivar-1.55b/backend.c:4857:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "Black"); LionPiece = -1; WhiteKing = 0; BlackKing = 0; WhitePrince = 0; BlackPrince = 0; RealLion = 0;
data/shogivar-1.55b/backend.c:4860:40: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.LastMove.Caption, ""); strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:4863:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Tenjiku") ) strcpy(Computer, "None");
data/shogivar-1.55b/backend.c:4864:142: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Chu") || !strcmp(Choice, "Dai") || !strcmp(Choice, "DaiDai") || !strcmp(Choice, "Maka") || !strcmp(Choice, "Tai") ) { strcpy(Grade, "Weak"); SetDifficulty(); }
data/shogivar-1.55b/backend.c:4873:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f1 = fopen(Datafile, "r");
data/shogivar-1.55b/backend.c:4892:6: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "Game Ended");
data/shogivar-1.55b/backend.c:4894:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Turn, "White") ) strcpy(Board.NextMove.Caption, "White to Move");
data/shogivar-1.55b/backend.c:4928:46: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Wa") && Drop == 1 ) strcpy(Boardbmp, "Waboard2.bmp");
data/shogivar-1.55b/backend.c:5007:37: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
if(Loading == 1 && InHand[I] > 1 ) sprintf(Board.Held[I].Caption, "%d", InHand[I]);
data/shogivar-1.55b/backend.c:5101:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[20000];
data/shogivar-1.55b/backend.c:5105:11: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f = fopen(name, "r"))) {
data/shogivar-1.55b/backend.c:5119:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.Caption, "The Computer suggests...."); Notice = 5;
data/shogivar-1.55b/backend.c:5141:43: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(Board.MnuThreatOff.Enabled == False ) strcpy(Board.PieceID.Caption, "Show Influence or Threats Off");
data/shogivar-1.55b/backend.c:5144:42: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(Board.MnuThreatOff.Enabled == True ) strcpy(Board.PieceID.Caption, "Show Influence or Threats On");
data/shogivar-1.55b/backend.c:5213:38: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(TurnChanged) TurnChanged = 0, strcpy(Turn, "White"); // [HGM] added: when handicapping, delay turn change to here, to allow deletion of multiple pieces
data/shogivar-1.55b/backend.c:5226:205: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(Pieces[abs(Squares[L][K])].Promotes > 0 && strcmp(Pieces[abs(Squares[L][K])].Name, "Killer Whale") ) sprintf(PromName, "Promotes to %s", Pieces[abs(Pieces[abs(Squares[L][K])].Promotes)].Name); else strcpy(PromName, "Does not promote");
data/shogivar-1.55b/backend.c:5227:62: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Pieces[abs(Squares[L][K])].Name, "Porpoise") ) strcpy(PromName, "Promotes to Killer Whale");
data/shogivar-1.55b/backend.c:5311:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Micro") ) { strcpy(GameName, "Micro"); GameNo = 14; } // Load Micro; Set Board = Micro; }
data/shogivar-1.55b/backend.c:5312:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Whale") ) { strcpy(GameName, "Whale"); GameNo = 15; } // Load Whale; Set Board = Whale; }
data/shogivar-1.55b/backend.c:5314:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Tori") ) { strcpy(GameName, "Bird"); GameNo = 1; } // Load Tori; Set Board = Tori; }
data/shogivar-1.55b/backend.c:5315:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Sho") ) { strcpy(GameName, "Little"); GameNo = 11; } // Load Shogi; Set Board = Shogi; }
data/shogivar-1.55b/backend.c:5316:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Wa") ) { strcpy(GameName, "Wa"); GameNo = 3; } // Load Wa; Set Board = Wa; }
data/shogivar-1.55b/backend.c:5317:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Chu") ) { strcpy(GameName, "Middle"); GameNo = 4; } // Load Chu; Set Board = Chu; }
data/shogivar-1.55b/backend.c:5318:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Dai") ) { strcpy(GameName, "Great"); GameNo = 5; } // Load Dai; Set Board = Dai; }
data/shogivar-1.55b/backend.c:5319:37: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Tenjiku") ) { strcpy(GameName, "Exotic"); GameNo = 6; } // Load Tenjiku; Set Board = Tenjiku; }
data/shogivar-1.55b/backend.c:5320:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "DaiDai") ) { strcpy(GameName, "Great Great"); GameNo = 7; } // Load DaiDai; Set Board = DaiDai; }
data/shogivar-1.55b/backend.c:5321:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Maka") ) { strcpy(GameName, "Ultra Great Great"); GameNo = 8; } // Load Maka; Set Board = Maka; }
data/shogivar-1.55b/backend.c:5322:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Tai") ) { strcpy(GameName, "Grand"); GameNo = 9; } // Load Tai; Set Board = Tai; }
data/shogivar-1.55b/backend.c:5323:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "HShogi") ) { strcpy(GameName, "Early"); GameNo = 12; } // Load HeianSho; Set Board = HeianSho; }
data/shogivar-1.55b/backend.c:5324:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Heian") ) { strcpy(GameName, "Early Great"); GameNo = 10; } // Load Heian; Set Board = Heian; }
data/shogivar-1.55b/backend.c:5325:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Mini") ) { strcpy(GameName, "Mini"); GameNo = 13; } // Load Mini; Set Board = Mini; }
data/shogivar-1.55b/backend.c:5326:34: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Yari") ) { strcpy(GameName, "Yari"); GameNo = 16; } // Load Yari; Set Board = Yari; }
data/shogivar-1.55b/backend.c:5327:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Choice, "Judkin") ) { strcpy(GameName, "Judkin's"); GameNo = 17; } // Load Judkin; Set Board = Judkin; }
data/shogivar-1.55b/backend.c:5428:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Computer, "Black");
data/shogivar-1.55b/backend.c:5433:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Computer plays Black"); Notice = 1;
data/shogivar-1.55b/backend.c:5441:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Computer, "White");
data/shogivar-1.55b/backend.c:5446:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "Computer plays White"); Notice = 1;
data/shogivar-1.55b/backend.c:5500:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:5501:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "White to Move");
data/shogivar-1.55b/backend.c:5503:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
MoveCount = MoveCount - 1; strcpy(Turn, "Black");
data/shogivar-1.55b/backend.c:5504:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:5544:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.PieceID.Caption, "No moves to take back!");
data/shogivar-1.55b/backend.c:5602:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Turn, "White");
data/shogivar-1.55b/backend.c:5603:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "White to Move");
data/shogivar-1.55b/backend.c:5605:29: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
MoveCount = MoveCount - 1; strcpy(Turn, "Black");
data/shogivar-1.55b/backend.c:5606:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:5642:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Caption, "Move Taken Back (% d of% d ) ; Press [Pause] to continue play.", TurnCount, EndTurn);
data/shogivar-1.55b/backend.c:5644:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Board.Caption, "Move Taken Back (% d of% d )", TurnCount, EndTurn);
data/shogivar-1.55b/backend.c:5848:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Board.CMDiagram.DialogTitle, "Create Text Score");
data/shogivar-1.55b/backend.c:5854:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f3 = fopen(SavedSTR, "w");
data/shogivar-1.55b/backend.c:5900:31: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(Squares[L][K] == 1 ) strcpy(Turn2, "White"); else strcpy(Turn2, "Black");
data/shogivar-1.55b/backend.c:5900:60: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(Squares[L][K] == 1 ) strcpy(Turn2, "White"); else strcpy(Turn2, "Black");
data/shogivar-1.55b/backend.c:6007:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(Boardbmp, "Waboard2.bmp");
data/shogivar-1.55b/backend.h:7:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char STRING[80];
data/shogivar-1.55b/backend.h:14:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sname[5]; // As String * 4;
data/shogivar-1.55b/dialogs.c:80:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *marked[NrOfDialogs];
data/shogivar-1.55b/dialogs.c:114:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSG_SIZ];
data/shogivar-1.55b/dialogs.c:127:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%d", *(int*) opts[i].target);
data/shogivar-1.55b/dialogs.c:131:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%4.2f", *(float*) opts[i].target);
data/shogivar-1.55b/dialogs.c:268:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSG_SIZ];
data/shogivar-1.55b/dialogs.c:427:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char helpFile[MSG_SIZ];
data/shogivar-1.55b/dialogs.c:459:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((f = fopen(helpFile, "r"))) {
data/shogivar-1.55b/dialogs.c:492:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *pieceList[NPIECES];
data/shogivar-1.55b/dialogs.c:1004:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lastMsg[MSG_SIZ];
data/shogivar-1.55b/dialogs.c:1011:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSG_SIZ];
data/shogivar-1.55b/dialogs.c:1065:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MSG_SIZ];
data/shogivar-1.55b/dialogs.c:1085:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char textColor[MSG_SIZ];
data/shogivar-1.55b/draw.c:278:35: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if((p = strstr(src, ".bmp"))) strcpy(p, ".png");
data/shogivar-1.55b/draw.c:288:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSG_SIZ], *suffix = "";
data/shogivar-1.55b/gettext.h:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/shogivar-1.55b/gettext.h:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/shogivar-1.55b/gettext.h:220:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/shogivar-1.55b/gettext.h:222:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/shogivar-1.55b/gettext.h:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/shogivar-1.55b/gettext.h:258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/shogivar-1.55b/gettext.h:266:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/shogivar-1.55b/gettext.h:268:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/shogivar-1.55b/gtk/gui.c:174:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dataDir[MSG_SIZ]; // for expanding ~~
data/shogivar-1.55b/gtk/gui.c:175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char masterSettings[MSG_SIZ];
data/shogivar-1.55b/gtk/gui.c:348:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char clickedFile[MSG_SIZ];
data/shogivar-1.55b/gtk/gui.c:357:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[MSG_SIZ];
data/shogivar-1.55b/gtk/gui.c:440:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *fakeArgv[3] = {NULL, clickedFile, NULL};
data/shogivar-1.55b/gtk/gui.c:819:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE* f = fopen(filename, "r");
data/shogivar-1.55b/gtk/gui.c:874:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[32];
data/shogivar-1.55b/gtk/gui.c:1007:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileext[10] = "";
data/shogivar-1.55b/gtk/gui.c:1097:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buf[MSG_SIZ];
data/shogivar-1.55b/gtk/xoptions.c:171:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char val[12];
data/shogivar-1.55b/gtk/xoptions.c:196:52: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gtk_spin_button_set_value(opt->handle, atoi(val));
data/shogivar-1.55b/gtk/xoptions.c:855:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[10];
data/shogivar-1.55b/gtk/xoptions.c:1004:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileext[MSG_SIZ];
data/shogivar-1.55b/gtk/xoptions.c:1188:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char def[MSG_SIZ], *msg;
data/shogivar-1.55b/gtk/xoptions.c:1454:24: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
if ( ((char **) option[i].textValue)[j] == NULL) break;
data/shogivar-1.55b/gtk/xoptions.c:1455:69: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
gtk_combo_box_append_text(GTK_COMBO_BOX(combobox), ((char **) option[i].choice)[j]);
data/shogivar-1.55b/menus.c:210:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ExtraPiece, "Black"); CheckAdd();
data/shogivar-1.55b/menus.c:216:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ExtraPiece, "White"); CheckAdd();
data/shogivar-1.55b/menus.c:229:32: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(strcmp(Turn, "White") ) strcpy(Turn, "White"); else strcpy(Turn, "Black");
data/shogivar-1.55b/menus.c:229:60: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(strcmp(Turn, "White") ) strcpy(Turn, "White"); else strcpy(Turn, "Black");
data/shogivar-1.55b/menus.c:230:33: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
MarkMenuItem("Board.Turn", !strcpy(Turn, "White"));
data/shogivar-1.55b/menus.c:307:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "White")) strcpy( Computer, "None"); else
data/shogivar-1.55b/menus.c:308:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "Both")) strcpy( Computer, "Black"); else
data/shogivar-1.55b/menus.c:309:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "Black")) strcpy( Computer, "Both"), w = 2; else
data/shogivar-1.55b/menus.c:310:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "None")) strcpy( Computer, "White"), w = 1;
data/shogivar-1.55b/menus.c:320:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "Black")) strcpy( Computer, "None"); else
data/shogivar-1.55b/menus.c:321:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "Both")) strcpy( Computer, "White"); else
data/shogivar-1.55b/menus.c:322:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "White")) strcpy( Computer, "Both"), b = 2; else
data/shogivar-1.55b/menus.c:323:36: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
if(!strcmp(Computer, "None")) strcpy( Computer, "Black"), b = 1;
data/shogivar-1.55b/menus.c:497:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[512], *p;
data/shogivar-1.55b/backend.c:79:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(start < 1 || start > strlen(s) || len > 79) return buf;
data/shogivar-1.55b/backend.c:80:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, s + start - 1, 79); buf[len] = 0;
data/shogivar-1.55b/backend.c:86:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, s, 79); while(*s == ' ') s++;
data/shogivar-1.55b/backend.c:87:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p = s + strlen(s) - 1; while(*p == ' ') p--; p[1] = '\0';
data/shogivar-1.55b/backend.c:454:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(i=strlen(ASTR), j=0; i<38; i++) spaces[j++] = ' '; spaces[j] = 0;
data/shogivar-1.55b/backend.c:471:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:721:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:729:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:741:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:887:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.Held[A].Caption, "");
data/shogivar-1.55b/backend.c:891:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:942:36: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(Notice == 0 && Checked != 1 ) strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:1806:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
K = strlen(ShortScore[I]);
data/shogivar-1.55b/backend.c:1843:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(J = 1; J <= strlen(ShortScore[I]); J++) {
data/shogivar-1.55b/backend.c:1847:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
K = strlen(ShortScore[I]);
data/shogivar-1.55b/backend.c:1871:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(BlackDrop[1], "|"); strcpy(BlackDrop[2], "|"); Z = 1;
data/shogivar-1.55b/backend.c:1871:30: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(BlackDrop[1], "|"); strcpy(BlackDrop[2], "|"); Z = 1;
data/shogivar-1.55b/backend.c:1886:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(BlackDrop[Z]) > 12 ) Z = 2;
data/shogivar-1.55b/backend.c:1889:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(WhiteDrop[2], "|"); strcpy(WhiteDrop[1], "|"); Z = 1;
data/shogivar-1.55b/backend.c:1889:30: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(WhiteDrop[2], "|"); strcpy(WhiteDrop[1], "|"); Z = 1;
data/shogivar-1.55b/backend.c:1896:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(strlen(WhiteDrop[Z]) > 13 ) Z = 2;
data/shogivar-1.55b/backend.c:1928:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(strcpy(GameName, "") ) {
data/shogivar-1.55b/backend.c:1930:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(I = 1; I <= strlen(GameName) + 6; I++) {
data/shogivar-1.55b/backend.c:2010:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(I = 1; I <= strlen(GameName) + 6; I++) {
data/shogivar-1.55b/backend.c:2188:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:2191:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:2201:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:2205:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:2332:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:2344:59: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
MovePiece = 0; Selection = 0; Reduce = 0; Handicap = 0; strcpy(ExtraPiece, "");
data/shogivar-1.55b/backend.c:2503:57: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(W == 0 ) strcat(CMoveSTR, CR "\n x!"); else strcat(CMoveSTR, ",");
data/shogivar-1.55b/backend.c:2505:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - L) + 1), (K + 96));
data/shogivar-1.55b/backend.c:2571:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - InitFile) + 1), (96 + InitRank));
data/shogivar-1.55b/backend.c:2574:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "x%d%c", (BoardSizeX - LionVictim.File + 1), (96 + LionVictim.Rank));
data/shogivar-1.55b/backend.c:2577:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "-%d%c", ((BoardSizeX - File) + 1), (Rank + 96));
data/shogivar-1.55b/backend.c:2618:35: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(Legal[File][Rank] == 3 ) strcat(CMoveSTR, "*");
data/shogivar-1.55b/backend.c:2674:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[I] < 2 ) strcpy(Board.Held[I].Caption, ""); else sprintf(Board.Held[I].Caption, "%d", InHand[I]);
data/shogivar-1.55b/backend.c:2709:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "*%d%c", ((BoardSizeX - File) + 1), (Rank + 96));
data/shogivar-1.55b/backend.c:2720:21: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[I] < 2 ) strcpy(Board.Held[I].Caption, ""); else sprintf(Board.Held[I].Caption, "%d", InHand[I]);
data/shogivar-1.55b/backend.c:2735:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:2986:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(CMoveSTR, "*");
data/shogivar-1.55b/backend.c:3013:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "%s!", TrimSTR(Pieces[abs(Squares[InitFile][InitRank])].sname));
data/shogivar-1.55b/backend.c:3509:28: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[I + 4] < 2 ) strcpy(Board.Held[I + 4].Caption, ""); else sprintf(Board.Held[I - 4].Caption, "%d", InHand[I - 4]);
data/shogivar-1.55b/backend.c:3513:28: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[I - 4] < 2 ) strcpy(Board.Held[I - 4].Caption, ""); else sprintf(Board.Held[I - 4].Caption, "%d", InHand[I - 4]);
data/shogivar-1.55b/backend.c:3653:60: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Score[TurnCount].Caption, ShortScore[TurnCount]); strcpy(CMoveSTR, "");
data/shogivar-1.55b/backend.c:3843:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - InitFile) + 1), (96 + InitRank));
data/shogivar-1.55b/backend.c:3845:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "x%d%c", ((BoardSizeX - LionVictim.File) + 1), (96 + LionVictim.Rank));
data/shogivar-1.55b/backend.c:3865:51: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if((InitFile != File || InitRank != Rank) ) strcat(CMoveSTR, "x"); else strcat(CMoveSTR, "-");
data/shogivar-1.55b/backend.c:3865:79: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if((InitFile != File || InitRank != Rank) ) strcat(CMoveSTR, "x"); else strcat(CMoveSTR, "-");
data/shogivar-1.55b/backend.c:3867:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(CMoveSTR + strlen(CMoveSTR), "%d%c", ((BoardSizeX - File) + 1), (Rank + 96));
data/shogivar-1.55b/backend.c:3913:25: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
if(Legal[L][K] == 3 ) strcat(CMoveSTR, "*");
data/shogivar-1.55b/backend.c:4004:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(CMoveSTR, "=");
data/shogivar-1.55b/backend.c:4041:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(CMoveSTR, "+");
data/shogivar-1.55b/backend.c:4059:5: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(CMoveSTR, "+");
data/shogivar-1.55b/backend.c:4089:25: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[Z] < 2 ) strcpy(Board.Held[Z].Caption, ""); else sprintf(Board.Held[Z].Caption, "%d", InHand[Z]);
data/shogivar-1.55b/backend.c:4098:35: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[Capture + Z] < 2 ) strcpy(Board.Held[Capture + Z].Caption, ""); else sprintf(Board.Held[Capture + Z].Caption, "%d", InHand[Capture + Z]);
data/shogivar-1.55b/backend.c:4193:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:4203:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:4254:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:4441:8: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.Held[W].Caption, "");
data/shogivar-1.55b/backend.c:4454:24: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[X] < 2 ) strcpy(Board.Held[X].Caption, "");
data/shogivar-1.55b/backend.c:4456:34: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(InHand[Capture + X] < 2 ) strcpy(Board.Held[Capture + X].Caption, "");
data/shogivar-1.55b/backend.c:4501:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.Held[I].Caption, "");
data/shogivar-1.55b/backend.c:4573:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.Held[I].Caption, "");
data/shogivar-1.55b/backend.c:4692:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:4859:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(CMoveSTR, ""); TurnCount = 0; EndTurn = 0; MoveCount = 0;
data/shogivar-1.55b/backend.c:4860:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, ""); strcpy(Board.NextMove.Caption, "Black to Move");
data/shogivar-1.55b/backend.c:5005:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.Held[I].Caption, "");
data/shogivar-1.55b/backend.c:5221:6: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:5313:35: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
if(!strcmp(Choice, "Shogi") ) { strcpy(GameName, ""); GameNo = 2; } // Load Shogi; Set Board = Shogi; }
data/shogivar-1.55b/backend.c:5507:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:5539:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.PieceID.Caption, "");
data/shogivar-1.55b/backend.c:5609:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/backend.c:5683:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CD = strlen(FirstScore);
data/shogivar-1.55b/backend.c:5696:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
CD = strlen(SecondScore);
data/shogivar-1.55b/backend.c:5857:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(I = 1; I <= strlen(GameName) + 6; I++) {
data/shogivar-1.55b/backend.c:5930:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Score[TurnCount].Caption[strlen(Score[TurnCount].Caption) - 1] = '=';
data/shogivar-1.55b/dialogs.c:178:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
*dest = malloc(strlen(val)+1);
data/shogivar-1.55b/dialogs.c:179:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(*dest, val, MSG_SIZ - (*dest - opts[i].name) - 1); // copy text there
data/shogivar-1.55b/dialogs.c:540:35: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
MoveCount = 0; TurnCount = 0; strcpy(ExtraPiece, "");
data/shogivar-1.55b/dialogs.c:542:5: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(Board.LastMove.Caption, "");
data/shogivar-1.55b/dialogs.c:996:46: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
while(GetTime() - t < 500) { DoEvents(); usleep(10000); }
data/shogivar-1.55b/dialogs.c:1026:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(lastMsg, message, MSG_SIZ); // [HGM] make available
data/shogivar-1.55b/draw.c:90:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(t) _sleep2(((t)+500)/1000)
data/shogivar-1.55b/gettext.h:206:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/shogivar-1.55b/gettext.h:207:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
data/shogivar-1.55b/gettext.h:252:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/shogivar-1.55b/gettext.h:253:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
data/shogivar-1.55b/gtk/gui.c:129:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
# define NAMLEN(dirent) strlen((dirent)->d_name)
data/shogivar-1.55b/gtk/gui.c:184:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(t) _sleep2(((t)+500)/1000)
data/shogivar-1.55b/gtk/gui.c:355:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(clickedFile, path, MSG_SIZ); // remember file name, but otherwise ignore
data/shogivar-1.55b/gtk/gui.c:431:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dataDir, path, MSG_SIZ);
data/shogivar-1.55b/gtk/gui.c:441:6: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(10000); // wait 10 msec (and hope this is long enough).
data/shogivar-1.55b/gtk/gui.c:470:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(p) + strlen("/.xboardXXXXXx.pgn") + 1;
data/shogivar-1.55b/gtk/gui.c:470:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(p) + strlen("/.xboardXXXXXx.pgn") + 1;
data/shogivar-1.55b/gtk/gui.c:987:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(time * 1000);
data/shogivar-1.55b/gtk/gui.c:1052:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(def) > 0 )
data/shogivar-1.55b/gtk/gui.c:1125:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, textRep, MSG_SIZ);
data/shogivar-1.55b/gtk/xoptions.c:106:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strchr(s, '\n') && strlen(s) < 80) XtSetArg(args[1], XtNinsertPosition, strlen(s)), j++;
data/shogivar-1.55b/gtk/xoptions.c:106:81: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strchr(s, '\n') && strlen(s) < 80) XtSetArg(args[1], XtNinsertPosition, strlen(s)), j++;
data/shogivar-1.55b/gtk/xoptions.c:833:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(v);
data/shogivar-1.55b/gtk/xtimer.c:105:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
#define usleep(t) _sleep2(((t)+500)/1000)
data/shogivar-1.55b/gtk/xtimer.c:233:5: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(1000*ms);
data/shogivar-1.55b/menus.c:501:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, menuName, 511);
ANALYSIS SUMMARY:
Hits = 524
Lines analyzed = 12189 in approximately 0.57 seconds (21375 lines/second)
Physical Source Lines of Code (SLOC) = 10375
Hits@level = [0] 169 [1] 104 [2] 221 [3] 9 [4] 190 [5] 0
Hits@level+ = [0+] 693 [1+] 524 [2+] 420 [3+] 199 [4+] 190 [5+] 0
Hits/KSLOC@level+ = [0+] 66.7952 [1+] 50.506 [2+] 40.4819 [3+] 19.1807 [4+] 18.3133 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.