Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/stormlib-9.22/src/FileStream.cpp Examining data/stormlib-9.22/src/FileStream.h Examining data/stormlib-9.22/src/SBaseCommon.cpp Examining data/stormlib-9.22/src/SBaseDumpData.cpp Examining data/stormlib-9.22/src/SBaseFileTable.cpp Examining data/stormlib-9.22/src/SBaseSubTypes.cpp Examining data/stormlib-9.22/src/SCompression.cpp Examining data/stormlib-9.22/src/SFileAddFile.cpp Examining data/stormlib-9.22/src/SFileAttributes.cpp Examining data/stormlib-9.22/src/SFileCompactArchive.cpp Examining data/stormlib-9.22/src/SFileCreateArchive.cpp Examining data/stormlib-9.22/src/SFileExtractFile.cpp Examining data/stormlib-9.22/src/SFileFindFile.cpp Examining data/stormlib-9.22/src/SFileGetFileInfo.cpp Examining data/stormlib-9.22/src/SFileListFile.cpp Examining data/stormlib-9.22/src/SFileOpenArchive.cpp Examining data/stormlib-9.22/src/SFileOpenFileEx.cpp Examining data/stormlib-9.22/src/SFilePatchArchives.cpp Examining data/stormlib-9.22/src/SFileReadFile.cpp Examining data/stormlib-9.22/src/SFileVerify.cpp Examining data/stormlib-9.22/src/StormCommon.h Examining data/stormlib-9.22/src/StormLib.h Examining data/stormlib-9.22/src/StormPort.h Examining data/stormlib-9.22/src/adpcm/adpcm.cpp Examining data/stormlib-9.22/src/adpcm/adpcm.h Examining data/stormlib-9.22/src/adpcm/adpcm_old.cpp Examining data/stormlib-9.22/src/adpcm/adpcm_old.h Examining data/stormlib-9.22/src/bzip2/blocksort.c Examining data/stormlib-9.22/src/bzip2/bzlib.c Examining data/stormlib-9.22/src/bzip2/bzlib.h Examining data/stormlib-9.22/src/bzip2/bzlib_private.h Examining data/stormlib-9.22/src/bzip2/compress.c Examining data/stormlib-9.22/src/bzip2/crctable.c Examining data/stormlib-9.22/src/bzip2/decompress.c Examining data/stormlib-9.22/src/bzip2/huffman.c Examining data/stormlib-9.22/src/bzip2/randtable.c Examining 
data/stormlib-9.22/src/huffman/huff.cpp Examining data/stormlib-9.22/src/huffman/huff.h Examining data/stormlib-9.22/src/jenkins/lookup.h Examining data/stormlib-9.22/src/jenkins/lookup3.c Examining data/stormlib-9.22/src/libtomcrypt/src/hashes/hash_memory.c Examining data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c Examining data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_argchk.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cfg.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_custom.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_macros.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_math.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_misc.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_pk.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_pkcs.h Examining data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h Examining data/stormlib-9.22/src/libtomcrypt/src/math/ltm_desc.c Examining data/stormlib-9.22/src/libtomcrypt/src/math/multi.c Examining data/stormlib-9.22/src/libtomcrypt/src/math/rand_prime.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/base64_decode.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_argchk.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_find_hash.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_find_prng.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_hash_descriptor.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_hash_is_valid.c Examining 
data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_libc.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_ltc_mp_descriptor.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_prng_descriptor.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_prng_is_valid.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_register_hash.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/crypt_register_prng.c Examining data/stormlib-9.22/src/libtomcrypt/src/misc/zeromem.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_bit_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_boolean.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_choice.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_ia5_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_integer.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_object_identifier.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_octet_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_printable_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_sequence_ex.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_sequence_flexi.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_sequence_multi.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_short_integer.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_utctime.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_utf8_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_bit_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_boolean.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_ia5_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_integer.c Examining 
data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_object_identifier.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_octet_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_printable_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_sequence_ex.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_sequence_multi.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_set.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_setof.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_short_integer.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_utctime.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_encode_utf8_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_bit_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_boolean.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_ia5_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_integer.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_object_identifier.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_octet_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_printable_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_sequence.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_short_integer.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_utctime.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_length_utf8_string.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_sequence_free.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_map.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_mul2add.c Examining 
data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_mulmod.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_points.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_projective_add_point.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/ecc/ltc_ecc_projective_dbl_point.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_mgf1.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_oaep_decode.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_decode.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_decode.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_exptmod.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_free.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_import.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_make_key.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_sign_hash.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_verify_hash.c Examining data/stormlib-9.22/src/libtomcrypt/src/pk/rsa/rsa_verify_simple.c Examining data/stormlib-9.22/src/libtommath/bn_fast_mp_invmod.c Examining data/stormlib-9.22/src/libtommath/bn_fast_mp_montgomery_reduce.c Examining data/stormlib-9.22/src/libtommath/bn_fast_s_mp_mul_digs.c Examining data/stormlib-9.22/src/libtommath/bn_fast_s_mp_mul_high_digs.c Examining data/stormlib-9.22/src/libtommath/bn_fast_s_mp_sqr.c Examining data/stormlib-9.22/src/libtommath/bn_mp_2expt.c Examining data/stormlib-9.22/src/libtommath/bn_mp_abs.c Examining data/stormlib-9.22/src/libtommath/bn_mp_add.c Examining data/stormlib-9.22/src/libtommath/bn_mp_add_d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_addmod.c Examining data/stormlib-9.22/src/libtommath/bn_mp_and.c Examining 
data/stormlib-9.22/src/libtommath/bn_mp_clamp.c Examining data/stormlib-9.22/src/libtommath/bn_mp_clear.c Examining data/stormlib-9.22/src/libtommath/bn_mp_clear_multi.c Examining data/stormlib-9.22/src/libtommath/bn_mp_cmp.c Examining data/stormlib-9.22/src/libtommath/bn_mp_cmp_d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_cmp_mag.c Examining data/stormlib-9.22/src/libtommath/bn_mp_cnt_lsb.c Examining data/stormlib-9.22/src/libtommath/bn_mp_copy.c Examining data/stormlib-9.22/src/libtommath/bn_mp_count_bits.c Examining data/stormlib-9.22/src/libtommath/bn_mp_div.c Examining data/stormlib-9.22/src/libtommath/bn_mp_div_2.c Examining data/stormlib-9.22/src/libtommath/bn_mp_div_2d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_div_3.c Examining data/stormlib-9.22/src/libtommath/bn_mp_div_d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_dr_is_modulus.c Examining data/stormlib-9.22/src/libtommath/bn_mp_dr_reduce.c Examining data/stormlib-9.22/src/libtommath/bn_mp_dr_setup.c Examining data/stormlib-9.22/src/libtommath/bn_mp_exch.c Examining data/stormlib-9.22/src/libtommath/bn_mp_expt_d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_exptmod.c Examining data/stormlib-9.22/src/libtommath/bn_mp_exptmod_fast.c Examining data/stormlib-9.22/src/libtommath/bn_mp_exteuclid.c Examining data/stormlib-9.22/src/libtommath/bn_mp_fread.c Examining data/stormlib-9.22/src/libtommath/bn_mp_fwrite.c Examining data/stormlib-9.22/src/libtommath/bn_mp_gcd.c Examining data/stormlib-9.22/src/libtommath/bn_mp_get_int.c Examining data/stormlib-9.22/src/libtommath/bn_mp_grow.c Examining data/stormlib-9.22/src/libtommath/bn_mp_init.c Examining data/stormlib-9.22/src/libtommath/bn_mp_init_copy.c Examining data/stormlib-9.22/src/libtommath/bn_mp_init_multi.c Examining data/stormlib-9.22/src/libtommath/bn_mp_init_set.c Examining data/stormlib-9.22/src/libtommath/bn_mp_init_set_int.c Examining data/stormlib-9.22/src/libtommath/bn_mp_init_size.c Examining 
data/stormlib-9.22/src/libtommath/bn_mp_invmod.c Examining data/stormlib-9.22/src/libtommath/bn_mp_invmod_slow.c Examining data/stormlib-9.22/src/libtommath/bn_mp_is_square.c Examining data/stormlib-9.22/src/libtommath/bn_mp_jacobi.c Examining data/stormlib-9.22/src/libtommath/bn_mp_karatsuba_mul.c Examining data/stormlib-9.22/src/libtommath/bn_mp_karatsuba_sqr.c Examining data/stormlib-9.22/src/libtommath/bn_mp_lcm.c Examining data/stormlib-9.22/src/libtommath/bn_mp_lshd.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mod.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mod_2d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mod_d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_montgomery_calc_normalization.c Examining data/stormlib-9.22/src/libtommath/bn_mp_montgomery_reduce.c Examining data/stormlib-9.22/src/libtommath/bn_mp_montgomery_setup.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mul.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mul_2.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mul_2d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mul_d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_mulmod.c Examining data/stormlib-9.22/src/libtommath/bn_mp_n_root.c Examining data/stormlib-9.22/src/libtommath/bn_mp_neg.c Examining data/stormlib-9.22/src/libtommath/bn_mp_or.c Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_fermat.c Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_is_divisible.c Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_is_prime.c Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_miller_rabin.c Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_next_prime.c Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_rabin_miller_trials.c Examining data/stormlib-9.22/src/libtommath/bn_mp_prime_random_ex.c Examining data/stormlib-9.22/src/libtommath/bn_mp_radix_size.c Examining data/stormlib-9.22/src/libtommath/bn_mp_radix_smap.c Examining 
data/stormlib-9.22/src/libtommath/bn_mp_rand.c Examining data/stormlib-9.22/src/libtommath/bn_mp_read_radix.c Examining data/stormlib-9.22/src/libtommath/bn_mp_read_signed_bin.c Examining data/stormlib-9.22/src/libtommath/bn_mp_read_unsigned_bin.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k_l.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k_setup.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_2k_setup_l.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_is_2k.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_is_2k_l.c Examining data/stormlib-9.22/src/libtommath/bn_mp_reduce_setup.c Examining data/stormlib-9.22/src/libtommath/bn_mp_rshd.c Examining data/stormlib-9.22/src/libtommath/bn_mp_set.c Examining data/stormlib-9.22/src/libtommath/bn_mp_set_int.c Examining data/stormlib-9.22/src/libtommath/bn_mp_shrink.c Examining data/stormlib-9.22/src/libtommath/bn_mp_signed_bin_size.c Examining data/stormlib-9.22/src/libtommath/bn_mp_sqr.c Examining data/stormlib-9.22/src/libtommath/bn_mp_sqrmod.c Examining data/stormlib-9.22/src/libtommath/bn_mp_sqrt.c Examining data/stormlib-9.22/src/libtommath/bn_mp_sub.c Examining data/stormlib-9.22/src/libtommath/bn_mp_sub_d.c Examining data/stormlib-9.22/src/libtommath/bn_mp_submod.c Examining data/stormlib-9.22/src/libtommath/bn_mp_to_signed_bin.c Examining data/stormlib-9.22/src/libtommath/bn_mp_to_signed_bin_n.c Examining data/stormlib-9.22/src/libtommath/bn_mp_to_unsigned_bin.c Examining data/stormlib-9.22/src/libtommath/bn_mp_to_unsigned_bin_n.c Examining data/stormlib-9.22/src/libtommath/bn_mp_toom_mul.c Examining data/stormlib-9.22/src/libtommath/bn_mp_toom_sqr.c Examining data/stormlib-9.22/src/libtommath/bn_mp_toradix.c Examining data/stormlib-9.22/src/libtommath/bn_mp_toradix_n.c Examining data/stormlib-9.22/src/libtommath/bn_mp_unsigned_bin_size.c 
Examining data/stormlib-9.22/src/libtommath/bn_mp_xor.c Examining data/stormlib-9.22/src/libtommath/bn_mp_zero.c Examining data/stormlib-9.22/src/libtommath/bn_prime_tab.c Examining data/stormlib-9.22/src/libtommath/bn_reverse.c Examining data/stormlib-9.22/src/libtommath/bn_s_mp_add.c Examining data/stormlib-9.22/src/libtommath/bn_s_mp_exptmod.c Examining data/stormlib-9.22/src/libtommath/bn_s_mp_mul_digs.c Examining data/stormlib-9.22/src/libtommath/bn_s_mp_mul_high_digs.c Examining data/stormlib-9.22/src/libtommath/bn_s_mp_sqr.c Examining data/stormlib-9.22/src/libtommath/bn_s_mp_sub.c Examining data/stormlib-9.22/src/libtommath/bncore.c Examining data/stormlib-9.22/src/libtommath/tommath.h Examining data/stormlib-9.22/src/libtommath/tommath_class.h Examining data/stormlib-9.22/src/libtommath/tommath_superclass.h Examining data/stormlib-9.22/src/lzma/C/LzFind.c Examining data/stormlib-9.22/src/lzma/C/LzFind.h Examining data/stormlib-9.22/src/lzma/C/LzFindMt.c Examining data/stormlib-9.22/src/lzma/C/LzFindMt.h Examining data/stormlib-9.22/src/lzma/C/LzHash.h Examining data/stormlib-9.22/src/lzma/C/LzmaDec.c Examining data/stormlib-9.22/src/lzma/C/LzmaDec.h Examining data/stormlib-9.22/src/lzma/C/LzmaEnc.c Examining data/stormlib-9.22/src/lzma/C/LzmaEnc.h Examining data/stormlib-9.22/src/lzma/C/Threads.c Examining data/stormlib-9.22/src/lzma/C/Threads.h Examining data/stormlib-9.22/src/lzma/C/Types.h Examining data/stormlib-9.22/src/pklib/crc32.c Examining data/stormlib-9.22/src/pklib/explode.c Examining data/stormlib-9.22/src/pklib/implode.c Examining data/stormlib-9.22/src/pklib/pklib.h Examining data/stormlib-9.22/src/sparse/sparse.cpp Examining data/stormlib-9.22/src/sparse/sparse.h Examining data/stormlib-9.22/src/zlib/adler32.c Examining data/stormlib-9.22/src/zlib/compress.c Examining data/stormlib-9.22/src/zlib/compress_zlib.c Examining data/stormlib-9.22/src/zlib/crc32.c Examining data/stormlib-9.22/src/zlib/crc32.h Examining 
data/stormlib-9.22/src/zlib/deflate.c
Examining data/stormlib-9.22/src/zlib/deflate.h
Examining data/stormlib-9.22/src/zlib/inffast.c
Examining data/stormlib-9.22/src/zlib/inffast.h
Examining data/stormlib-9.22/src/zlib/inffixed.h
Examining data/stormlib-9.22/src/zlib/inflate.c
Examining data/stormlib-9.22/src/zlib/inflate.h
Examining data/stormlib-9.22/src/zlib/inftrees.c
Examining data/stormlib-9.22/src/zlib/inftrees.h
Examining data/stormlib-9.22/src/zlib/trees.c
Examining data/stormlib-9.22/src/zlib/trees.h
Examining data/stormlib-9.22/src/zlib/zconf.h
Examining data/stormlib-9.22/src/zlib/zlib.h
Examining data/stormlib-9.22/src/zlib/zutil.c
Examining data/stormlib-9.22/src/zlib/zutil.h
Examining data/stormlib-9.22/storm_dll/storm_dll.cpp
Examining data/stormlib-9.22/storm_dll/storm_dll.h
Examining data/stormlib-9.22/storm_dll/storm_test.cpp
Examining data/stormlib-9.22/stormlib_dll/DllMain.c
Examining data/stormlib-9.22/test/StormTest.cpp
Examining data/stormlib-9.22/test/TLogHelper.cpp

FINAL RESULTS:

data/stormlib-9.22/src/FileStream.cpp:2253:13: [4] (buffer) _stprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  _stprintf(szNameBuff, _T("%s.%u"), pStream->szFileName, nSuffix);
data/stormlib-9.22/src/SBaseFileTable.cpp:1894:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pFileEntry->szFileName, szFileName);
data/stormlib-9.22/src/SFileFindFile.cpp:412:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(hs->szSearchMask, szMask);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:40:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
  Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(pFileEntry->szFileName, pSrcFileEntry->szFileName);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:943:17: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(szPseudoName, "File%08u.%s", (unsigned int)(pFileEntry - hf->ha->pFileTable), data2ext[i].szExt);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:950:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szFileName, szPseudoName);
data/stormlib-9.22/src/SFileGetFileInfo.cpp:981:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szFileName, pFileEntry->szFileName);
data/stormlib-9.22/src/SFileOpenFileEx.cpp:64:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szBuffer + pPrefix->nLength, szFileName);
data/stormlib-9.22/src/SFilePatchArchives.cpp:739:5: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szHelperFile, FileStream_GetFileName(haBase->pStream));
data/stormlib-9.22/src/SFilePatchArchives.cpp:796:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szPatchFileName, pFileEntry->szFileName);
data/stormlib-9.22/src/SFilePatchArchives.cpp:798:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szPlainName, pBaseEntry->szFileName);
data/stormlib-9.22/src/StormPort.h:177:11: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  #define _tcscpy strcpy
data/stormlib-9.22/src/StormPort.h:177:21: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  #define _tcscpy strcpy
data/stormlib-9.22/src/StormPort.h:178:11: [4] (buffer) _tcscat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  #define _tcscat strcat
data/stormlib-9.22/src/StormPort.h:178:21: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  #define _tcscat strcat
data/stormlib-9.22/src/StormPort.h:183:21: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define _tprintf printf
data/stormlib-9.22/src/StormPort.h:184:11: [4] (buffer) _stprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define _stprintf sprintf
data/stormlib-9.22/src/StormPort.h:184:21: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  #define _stprintf sprintf
data/stormlib-9.22/src/bzip2/bzlib.c:1418:4: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(mode2, writing ? "w" : "r" );
data/stormlib-9.22/src/bzip2/bzlib_private.h:65:7: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf ( stderr, \
data/stormlib-9.22/src/bzip2/bzlib_private.h:74:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,zf)
data/stormlib-9.22/src/bzip2/bzlib_private.h:76:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,zf,za1)
data/stormlib-9.22/src/bzip2/bzlib_private.h:78:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,zf,za1,za2)
data/stormlib-9.22/src/bzip2/bzlib_private.h:80:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,zf,za1,za2,za3)
data/stormlib-9.22/src/bzip2/bzlib_private.h:82:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,zf,za1,za2,za3,za4)
data/stormlib-9.22/src/bzip2/bzlib_private.h:84:4: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr,zf,za1,za2,za3,za4,za5)
data/stormlib-9.22/src/zlib/zutil.h:201:18: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # if !defined(vsnprintf) && !defined(NO_vsnprintf)
data/stormlib-9.22/src/zlib/zutil.h:203:18: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  # define vsnprintf _vsnprintf
data/stormlib-9.22/src/zlib/zutil.h:250:39: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Trace(x) {if (z_verbose>=0) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:251:39: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracev(x) {if (z_verbose>0) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:252:40: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracevv(x) {if (z_verbose>1) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:253:48: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracec(c,x) {if (z_verbose>0 && (c)) fprintf x ;}
data/stormlib-9.22/src/zlib/zutil.h:254:49: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  # define Tracecv(c,x) {if (z_verbose>1 && (c)) fprintf x ;}
data/stormlib-9.22/test/StormTest.cpp:361:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szBuffer, szExtraString);
data/stormlib-9.22/test/StormTest.cpp:364:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(szBuffer, szFileName);
data/stormlib-9.22/test/StormTest.cpp:518:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szBuffer, szFullPath1);
data/stormlib-9.22/test/StormTest.cpp:708:5: [4] (buffer) _stprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  _stprintf(szSearchMask, _T("%s\\*"), szDirectory);
data/stormlib-9.22/test/StormTest.cpp:759:9: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szDirEntry, directory_entry->d_name);
data/stormlib-9.22/test/StormTest.cpp:803:17: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szPlainName, szDirEntry);
data/stormlib-9.22/test/StormTest.cpp:872:25: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szPlainName1, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:873:25: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szPlainName2, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:881:25: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szPlainName1, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:882:25: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szPlainName2, wf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:1059:9: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szBuffer, szFullPath);
data/stormlib-9.22/test/StormTest.cpp:1330:9: [4] (buffer) _stprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  _stprintf(szMirrorPath, _T("%s*%s"), szCopyPath, szMasterPath);
data/stormlib-9.22/test/StormTest.cpp:1708:17: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szMostPatched, sf.cFileName);
data/stormlib-9.22/test/StormTest.cpp:4138:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(szArchivedName, szFileMask, i);
data/stormlib-9.22/test/StormTest.cpp:4152:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(szArchivedName, szFileMask, i);
data/stormlib-9.22/test/StormTest.cpp:4235:13: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  sprintf(szArchivedName, szFileMask, i + 1);
data/stormlib-9.22/test/TLogHelper.cpp:194:15: [4] (format) _vstprintf:
  Potential format string problem (CWE-134). Make format string constant.
  nLength = _vstprintf(szMessage, szFormatBuff, argList);
data/stormlib-9.22/test/TLogHelper.cpp:301:15: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  nLength = vsprintf(szMessage, szFormatBuff, argList);
data/stormlib-9.22/test/TLogHelper.cpp:377:13: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szBuffer, szStringFormat);
data/stormlib-9.22/test/TLogHelper.cpp:385:13: [4] (buffer) _tcscpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  _tcscpy(szBuffer, szUint64Format);
data/stormlib-9.22/test/TLogHelper.cpp:407:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szBuffer, szStringFormat);
data/stormlib-9.22/test/TLogHelper.cpp:415:13: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(szBuffer, szUint64Format);
data/stormlib-9.22/src/lzma/C/Threads.c:77:5: [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(p); data/stormlib-9.22/src/lzma/C/Threads.h:52:34: [3] (misc) EnterCriticalSection: On some versions of Windows, exceptions can be thrown in low-memory situations. Use InitializeCriticalSectionAndSpinCount instead. #define CriticalSection_Enter(p) EnterCriticalSection(p) data/stormlib-9.22/src/FileStream.cpp:96:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = open(pStream->szFileName, O_RDWR | O_CREAT | O_TRUNC | O_LARGEFILE, S_IRUSR | S_IWUSR | S_IRGRP | S_IROTH); data/stormlib-9.22/src/FileStream.cpp:148:18: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = open(szFileName, oflag | O_LARGEFILE); data/stormlib-9.22/src/FileStream.cpp:497:14: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). handle = open(szFileName, O_RDONLY); data/stormlib-9.22/src/FileStream.cpp:545:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvBuffer, pStream->Base.Map.pbFile + (size_t)ByteOffset, dwBytesToRead); data/stormlib-9.22/src/FileStream.cpp:630:9: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
TCHAR szServerName[MAX_PATH]; data/stormlib-9.22/src/FileStream.cpp:719:9: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szRangeRequest[0x80]; data/stormlib-9.22/src/FileStream.cpp:730:13: [2] (buffer) _stprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. _stprintf(szRangeRequest, _T("Range: bytes=%u-%u"), (unsigned int)dwStartOffset, (unsigned int)dwEndOffset); data/stormlib-9.22/src/FileStream.cpp:937:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvBuffer, TransferBuffer + BlockBufferOffset, dwBytesToRead); data/stormlib-9.22/src/FileStream.cpp:1039:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pStream->szFileName, szFileName, FileNameSize); data/stormlib-9.22/src/FileStream.cpp:1668:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(PartHeader.GameBuildNumber, "%u", (unsigned int)pStream->BuildNumber); data/stormlib-9.22/src/FileStream.cpp:1887:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbKeyBuffer, szKeyTemplate, MPQE_CHUNK_SIZE); data/stormlib-9.22/src/FileStream.cpp:1912:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(KeyMirror, pbKey, MPQE_CHUNK_SIZE); data/stormlib-9.22/src/FileStream.cpp:2028:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(FileHeader, EncryptedHeader, MPQE_CHUNK_SIZE); data/stormlib-9.22/src/FileStream.cpp:2194:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&pStream->Base, BaseArray + i, sizeof(TBaseProviderData)); data/stormlib-9.22/src/FileStream.cpp:2268:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NewBaseArray, pStream->FileBitmap, sizeof(TBaseProviderData) * dwBaseFiles); data/stormlib-9.22/src/FileStream.cpp:2273:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(NewBaseArray + dwBaseFiles, &pStream->Base, sizeof(TBaseProviderData)); data/stormlib-9.22/src/FileStream.h:92:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char GameBuildNumber[0x20]; // Minimum build number of the game that can use this MPQ data/stormlib-9.22/src/SBaseCommon.cpp:31:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char AsciiToLowerTable[256] = data/stormlib-9.22/src/SBaseCommon.cpp:53:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char AsciiToUpperTable[256] = data/stormlib-9.22/src/SBaseCommon.cpp:75:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char AsciiToUpperTable_Slash[256] = data/stormlib-9.22/src/SBaseCommon.cpp:107:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szTarget, szSource, cchSource); data/stormlib-9.22/src/SBaseCommon.cpp:166:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szTarget, szSource, cchSource * sizeof(TCHAR)); data/stormlib-9.22/src/SBaseCommon.cpp:347:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szNameBuff[0x108]; data/stormlib-9.22/src/SBaseFileTable.cpp:873:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pHashTable, ha->pHashTable, HashTableSize); data/stormlib-9.22/src/SBaseFileTable.cpp:1245:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(pHetTable->pNameHashes, pbSrcData, dwTotalCount); data/stormlib-9.22/src/SBaseFileTable.cpp:1248:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pHetTable->pBetIndexes->Elements, pbSrcData + dwTotalCount, pHetTable->pBetIndexes->NumberOfBytes); data/stormlib-9.22/src/SBaseFileTable.cpp:1370:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pHetHeader, &HetHeader, sizeof(TMPQHetHeader)); data/stormlib-9.22/src/SBaseFileTable.cpp:1374:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbTrgData, pHetTable->pNameHashes, pHetTable->dwTotalCount); data/stormlib-9.22/src/SBaseFileTable.cpp:1378:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbTrgData, pHetTable->pBetIndexes->Elements, HetHeader.dwIndexTableSize); data/stormlib-9.22/src/SBaseFileTable.cpp:1627:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pBetTable->pFileFlags, pbSrcData, LengthInBytes); data/stormlib-9.22/src/SBaseFileTable.cpp:1641:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pBetTable->pFileTable->Elements, pbSrcData, LengthInBytes); data/stormlib-9.22/src/SBaseFileTable.cpp:1655:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(pBetTable->pNameHashes->Elements, pbSrcData, LengthInBytes); data/stormlib-9.22/src/SBaseFileTable.cpp:1692:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pBetHeader, &BetHeader, sizeof(TMPQBetHeader)); data/stormlib-9.22/src/SBaseFileTable.cpp:1737:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbTrgData, FlagArray, LengthInBytes); data/stormlib-9.22/src/SBaseFileTable.cpp:1743:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbTrgData, pBitArray->Elements, LengthInBytes); data/stormlib-9.22/src/SBaseFileTable.cpp:1770:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbTrgData, pBitArray->Elements, LengthInBytes); data/stormlib-9.22/src/SBaseFileTable.cpp:2917:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&SaveMpqHeader, pHeader, pHeader->dwHeaderSize); data/stormlib-9.22/src/SBaseSubTypes.cpp:145:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ha->HeaderData, &Header, sizeof(TMPQHeader)); data/stormlib-9.22/src/SBaseSubTypes.cpp:347:23: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
static const unsigned char MpkDecryptionKey[512] = data/stormlib-9.22/src/SBaseSubTypes.cpp:427:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ha->HeaderData, &Header, sizeof(TMPQHeader)); data/stormlib-9.22/src/SCompression.cpp:206:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(buf, pInfo->pbInBuff, nToRead); data/stormlib-9.22/src/SCompression.cpp:230:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pInfo->pbOutBuff, buf, nToWrite); data/stormlib-9.22/src/SCompression.cpp:485:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvOutBuffer, encodedProps, encodedPropsSize); data/stormlib-9.22/src/SCompression.cpp:695:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvOutBuffer, pvInBuffer, cbInBuffer); data/stormlib-9.22/src/SCompression.cpp:728:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvOutBuffer, pvInBuffer, cbInBuffer); data/stormlib-9.22/src/SCompression.cpp:772:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char CompressByte[0x10]; // CompressByte for each method in the CompressFuncArray array data/stormlib-9.22/src/SCompression.cpp:862:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbOutput + nAtLeastOneCompressionDone, pbInput, cbInLength); data/stormlib-9.22/src/SCompression.cpp:885:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvOutBuffer, pvInBuffer, cbInBuffer); data/stormlib-9.22/src/SCompression.cpp:939:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvOutBuffer, pvInBuffer, cbInBuffer); data/stormlib-9.22/src/SCompression.cpp:1039:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvOutBuffer, pvInBuffer, cbInBuffer); data/stormlib-9.22/src/SFileAddFile.cpp:163:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hf->pbFileSector + dwBytesInSector, pbFileData, dwBytesToCopy); data/stormlib-9.22/src/SFileAddFile.cpp:332:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SectorOffsetsCopy, hf->SectorOffsets, dwSectorOffsLen); data/stormlib-9.22/src/SFileAddFile.cpp:676:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(hf->pPatchInfo->md5, hf->pFileEntry->md5, MD5_DIGEST_SIZE); data/stormlib-9.22/src/SFileAttributes.cpp:217:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ha->pFileTable[i].md5, ArrayMd5, MD5_DIGEST_SIZE); data/stormlib-9.22/src/SFileAttributes.cpp:314:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbArrayMD5, pFileEntry->md5, MD5_DIGEST_SIZE); data/stormlib-9.22/src/SFileCompactArchive.cpp:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char DataBuffer[0x1000]; data/stormlib-9.22/src/SFileCompactArchive.cpp:199:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(SectorOffsetsCopy, hf->SectorOffsets, dwSectorOffsLen); data/stormlib-9.22/src/SFileCompactArchive.cpp:533:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szTempFile[MAX_PATH+1] = _T(""); data/stormlib-9.22/src/SFileCompactArchive.cpp:612:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&SaveMpqHeader, ha->pHeader, ha->pHeader->dwHeaderSize); data/stormlib-9.22/src/SFileExtractFile.cpp:39:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szBuffer[0x1000]; data/stormlib-9.22/src/SFileFindFile.cpp:26:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szSearchMask[1]; // Search mask (variable length) data/stormlib-9.22/src/SFileFindFile.cpp:180:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[MAX_PATH+1]; data/stormlib-9.22/src/SFileFindFile.cpp:220:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szNameBuff[MAX_PATH]; data/stormlib-9.22/src/SFileFindFile.cpp:243:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szNameBuff, "File%08u.xxx", (unsigned int)dwBlockIndex); data/stormlib-9.22/src/SFileGetFileInfo.cpp:33:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(pFileEntry, pSrcFileEntry, sizeof(TFileEntry)); data/stormlib-9.22/src/SFileGetFileInfo.cpp:114:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szFileInfo, szFileName, nLength * sizeof(TCHAR)); data/stormlib-9.22/src/SFileGetFileInfo.cpp:810:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvFileInfo, pvSrcFileInfo, cbSrcFileInfo); data/stormlib-9.22/src/SFileGetFileInfo.cpp:940:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPseudoName[20] = ""; data/stormlib-9.22/src/SFileListFile.cpp:113:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pCache->szWildCard, szWildCard, cchWildCard); data/stormlib-9.22/src/SFileListFile.cpp:587:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(lpFindFileData->cFileName, szFileName, nLength); data/stormlib-9.22/src/SFileOpenArchive.cpp:287:29: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(ha->pUserData, pUserData, sizeof(TMPQUserData)); data/stormlib-9.22/src/SFileOpenFileEx.cpp:63:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(szBuffer, pPrefix->szPatchPrefix, pPrefix->nLength); data/stormlib-9.22/src/SFileOpenFileEx.cpp:75:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFileNameT[MAX_PATH]; data/stormlib-9.22/src/SFileOpenFileEx.cpp:111:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szNameBuffer[MAX_PATH]; data/stormlib-9.22/src/SFilePatchArchives.cpp:215:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbTarget, pbSource, pPatcher->cbFileData); data/stormlib-9.22/src/SFilePatchArchives.cpp:277:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbNewData + dwNewOffset, pDataBlock, dwAddDataLength); data/stormlib-9.22/src/SFilePatchArchives.cpp:298:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbNewData + dwNewOffset, pExtraBlock, dwMovDataLength); data/stormlib-9.22/src/SFilePatchArchives.cpp:336:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pFullPatch, &PatchHeader, sizeof(MPQ_PATCH_HEADER)); data/stormlib-9.22/src/SFilePatchArchives.cpp:404:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(pPatcher->this_md5, pFullPatch->md5_after_patch, MD5_DIGEST_SIZE); data/stormlib-9.22/src/SFilePatchArchives.cpp:429:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pNewPrefix->szPatchPrefix, szFileName, nLength); data/stormlib-9.22/src/SFilePatchArchives.cpp:445:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szTempName[MAX_SC2_PATCH_PREFIX + 0x41]; data/stormlib-9.22/src/SFilePatchArchives.cpp:453:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szTempName, szPatchPrefix, nLength); data/stormlib-9.22/src/SFilePatchArchives.cpp:454:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&szTempName[nLength], "\\(patch_metadata)", 18); data/stormlib-9.22/src/SFilePatchArchives.cpp:509:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[0x40]; data/stormlib-9.22/src/SFilePatchArchives.cpp:518:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(szFileName, pMpqInfo->szNameTemplate, pMpqInfo->nLength); data/stormlib-9.22/src/SFilePatchArchives.cpp:525:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szFileName + pMpqInfo->nLength, "-md5.lst", 9); data/stormlib-9.22/src/SFilePatchArchives.cpp:547:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szNamePrefix[0x08]; data/stormlib-9.22/src/SFilePatchArchives.cpp:585:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPatchPrefix[MAX_SC2_PATCH_PREFIX+0x41]; data/stormlib-9.22/src/SFilePatchArchives.cpp:679:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileData[MAX_PATH+1]; data/stormlib-9.22/src/SFilePatchArchives.cpp:714:25: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(szPatchPrefix, szLinePtr, nLength); data/stormlib-9.22/src/SFilePatchArchives.cpp:733:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
TCHAR szHelperFile[MAX_PATH+1]; data/stormlib-9.22/src/SFilePatchArchives.cpp:734:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPatchPrefix[MAX_SC2_PATCH_PREFIX+0x41]; data/stormlib-9.22/src/SFilePatchArchives.cpp:742:5: [2] (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string. _tcscat(szHelperFile, _T("-PATCH")); data/stormlib-9.22/src/SFilePatchArchives.cpp:951:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pPatcher->this_md5, hf->pFileEntry->md5, MD5_DIGEST_SIZE); data/stormlib-9.22/src/SFileReadFile.cpp:195:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbOutSector, pbInSector, dwBytesInThisSector); data/stormlib-9.22/src/SFileReadFile.cpp:316:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(hf->pbFileSector, pbRawData, hf->dwDataSize); data/stormlib-9.22/src/SFileReadFile.cpp:343:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvBuffer, hf->pbFileSector + dwFilePos, dwToRead); data/stormlib-9.22/src/SFileReadFile.cpp:413:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(hf->pbFileSector, pbRawData, hf->dwDataSize); data/stormlib-9.22/src/SFileReadFile.cpp:440:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvBuffer, hf->pbFileSector + dwFilePos, dwToRead); data/stormlib-9.22/src/SFileReadFile.cpp:514:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbBuffer, hf->pbFileSector + dwBufferOffs, dwToCopy); data/stormlib-9.22/src/SFileReadFile.cpp:562:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pbBuffer, hf->pbFileSector, dwToCopy); data/stormlib-9.22/src/SFileReadFile.cpp:616:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(pvBuffer, hf->pbFileData + dwFilePos, dwToRead); data/stormlib-9.22/src/SFileVerify.cpp:118:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char decoded_key[0x200]; data/stormlib-9.22/src/SFileVerify.cpp:160:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szMapHeader[0x200]; data/stormlib-9.22/src/SFileVerify.cpp:264:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char szUpperCase[0x200]; data/stormlib-9.22/src/SFileVerify.cpp:289:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szPlainName[MAX_PATH]; data/stormlib-9.22/src/SFileVerify.cpp:330:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sha1_state_temp, &sha1_state, sizeof(hash_state)); data/stormlib-9.22/src/SFileVerify.cpp:333:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sha1_state_temp, &sha1_state, sizeof(hash_state)); data/stormlib-9.22/src/SFileVerify.cpp:338:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&sha1_state_temp, &sha1_state, sizeof(hash_state)); data/stormlib-9.22/src/SFileVerify.cpp:458:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(RevSignature, &pSI->Signature[8], MPQ_WEAK_SIGNATURE_SIZE); data/stormlib-9.22/src/SFileVerify.cpp:495:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  unsigned char reversed_signature[MPQ_STRONG_SIGNATURE_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:496:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Sha1Digest_tail0[SHA1_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:497:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Sha1Digest_tail1[SHA1_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:498:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Sha1Digest_tail2[SHA1_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:499:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char padded_digest[MPQ_STRONG_SIGNATURE_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:508:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(reversed_signature, &pSI->Signature[4], MPQ_STRONG_SIGNATURE_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:517:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(padded_digest + digest_offset, Sha1Digest_tail0, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:524:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(padded_digest + digest_offset, Sha1Digest_tail1, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:531:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(padded_digest + digest_offset, Sha1Digest_tail2, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:538:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(padded_digest + digest_offset, Sha1Digest_tail0, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:545:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(padded_digest + digest_offset, Sha1Digest_tail0, SHA1_DIGEST_SIZE);
data/stormlib-9.22/src/SFileVerify.cpp:563:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char md5[MD5_DIGEST_SIZE];
data/stormlib-9.22/src/SFileVerify.cpp:717:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pMD5, md5, MD5_DIGEST_SIZE);
data/stormlib-9.22/src/StormCommon.h:130:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned char AsciiToLowerTable[256];
data/stormlib-9.22/src/StormCommon.h:131:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned char AsciiToUpperTable[256];
data/stormlib-9.22/src/StormLib.h:610:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char MD5_BlockTable[MD5_DIGEST_SIZE]; // MD5 of the block table before decryption
data/stormlib-9.22/src/StormLib.h:611:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char MD5_HashTable[MD5_DIGEST_SIZE]; // MD5 of the hash table before decryption
data/stormlib-9.22/src/StormLib.h:612:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char MD5_HiBlockTable[MD5_DIGEST_SIZE]; // MD5 of the hi-block table
data/stormlib-9.22/src/StormLib.h:613:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char MD5_BetTable[MD5_DIGEST_SIZE]; // MD5 of the BET table before decryption
data/stormlib-9.22/src/StormLib.h:614:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char MD5_HetTable[MD5_DIGEST_SIZE]; // MD5 of the HET table before decryption
data/stormlib-9.22/src/StormLib.h:615:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char MD5_MpqHeader[MD5_DIGEST_SIZE]; // MD5 of the MPQ header from signature to (including) MD5_HetTable
data/stormlib-9.22/src/StormLib.h:800:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char szPatchPrefix[1]; // Patch name prefix (variable length). If not empty, it always starts with backslash.
data/stormlib-9.22/src/StormLib.h:891:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hctx[HASH_STATE_SIZE]; // Hash state for MD5.
  Used when saving file to MPQ
data/stormlib-9.22/src/StormLib.h:904:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cFileName[MAX_PATH]; // Full name of the found file
data/stormlib-9.22/src/adpcm/adpcm_old.cpp:29:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char b[2];
data/stormlib-9.22/src/bzip2/bzlib.c:1391:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unused[BZ_MAX_UNUSED];
data/stormlib-9.22/src/bzip2/bzlib.c:1394:4: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char mode2[10] = "";
data/stormlib-9.22/src/bzip2/bzlib.c:1426:14: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(path,mode2);
data/stormlib-9.22/src/huffman/huff.cpp:225:17: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char * WeightTables[0x09] =
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:58:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char Worder[64] = {
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:65:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char Rorder[64] = {
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:320:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[16];
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:347:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[16];
data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:352:34: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg));
data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c:252:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char hash[20];
data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c:267:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char tmp[20];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:28:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char K[33][16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:68:16: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char S[32], start;
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:81:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char safer_block_t[LTC_SAFER_BLOCK_LEN];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:82:18: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  typedef unsigned char safer_key_t[LTC_SAFER_KEY_LEN];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:114:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char key[10];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:222:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:240:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:254:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:276:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ctr[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:292:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[16],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:305:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char PC[16][256][16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_cipher.h:320:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char IV[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_custom.h:55:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #ifdef memcpy
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_custom.h:58:18: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  #define XMEMCPY memcpy
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:6:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[128];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:14:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:22:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:30:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:38:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:46:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:52:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char chksum[16], X[48], buf[16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:60:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:68:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:76:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:84:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:92:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[64];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:100:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char state[MAXBLOCKSIZE], buf[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_hash.h:360:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(md-> state_var .buf + md-> state_var.curlen, in, (size_t)n); \
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:32:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char block[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:59:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char Ls[32][MAXBLOCKSIZE], /* L shifted by i bits to the left */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:106:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char N[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:142:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char L[MAXBLOCKSIZE], /* L value */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:236:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char H[16], /* multiplier */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:251:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char PC[16][256][16] /* 16 tables of 8x128 */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:297:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char state[16];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:318:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char K[3][MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_mac.h:350:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char akey[MAXBLOCKSIZE],
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:5:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char pool[MAXBLOCKSIZE];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:14:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[256];
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:24:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char K[32], /* the current key */
data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:51:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char dummy[1];
data/stormlib-9.22/src/libtomcrypt/src/misc/base64_decode.c:21:23: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static const unsigned char map[256] = {
data/stormlib-9.22/src/libtomcrypt/src/pk/asn1/der_decode_utctime.c:52:13: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char buf[32];
data/stormlib-9.22/src/libtommath/bn_mp_is_square.c:19:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static const char rem_128[128] = {
data/stormlib-9.22/src/libtommath/bn_mp_is_square.c:30:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static const char rem_105[105] = {
data/stormlib-9.22/src/lzma/C/LzmaDec.c:781:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p->tempBuf, src, inSize);
data/stormlib-9.22/src/lzma/C/LzmaDec.c:869:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest, p->dic + dicPos, outSizeCur);
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:350:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:351:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:354:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:355:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:356:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:357:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:358:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:359:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:360:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:361:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:362:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << p->lclp) * sizeof(CLzmaProb));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:376:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isMatch[i], p->isMatch[i], sizeof(p->isMatch[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:377:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRep0Long[i], p->isRep0Long[i], sizeof(p->isRep0Long[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:380:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->posSlotEncoder[i], p->posSlotEncoder[i], sizeof(p->posSlotEncoder[i]));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:381:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRep, p->isRep, sizeof(p->isRep));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:382:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRepG0, p->isRepG0, sizeof(p->isRepG0));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:383:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRepG1, p->isRepG1, sizeof(p->isRepG1));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:384:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->isRepG2, p->isRepG2, sizeof(p->isRepG2));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:385:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->posEncoders, p->posEncoders, sizeof(p->posEncoders));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:386:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->posAlignEncoder, p->posAlignEncoder, sizeof(p->posAlignEncoder));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:387:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->reps, p->reps, sizeof(p->reps));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:388:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(dest->litProbs, p->litProbs, (0x300 << dest->lclp) * sizeof(CLzmaProb));
data/stormlib-9.22/src/lzma/C/LzmaEnc.c:2101:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(p->data, data, size);
data/stormlib-9.22/src/pklib/implode.c:742:53: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
pWork->nChBits[nCount] = (unsigned char )(ChBitsAsc[nCount] + 1);
data/stormlib-9.22/src/pklib/implode.c:765:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&pWork->dist_codes, DistCode, sizeof(DistCode));
data/stormlib-9.22/src/pklib/implode.c:766:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(&pWork->dist_bits, DistBits, sizeof(DistBits));
data/stormlib-9.22/src/pklib/pklib.h:54:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char dist_bits[0x40]; // 001C: Distance bits
data/stormlib-9.22/src/pklib/pklib.h:55:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char dist_codes[0x40]; // 005C: Distance codes
data/stormlib-9.22/src/pklib/pklib.h:56:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char nChBits[0x306]; // 009C: Table of literal bit lengths to be put to the output stream
data/stormlib-9.22/src/pklib/pklib.h:68:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char out_buff[0x802]; // 1FCA: Compressed data
data/stormlib-9.22/src/pklib/pklib.h:69:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char work_buff[0x2204]; // 27CC: Work buffer
data/stormlib-9.22/src/pklib/pklib.h:95:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char out_buff[0x2204]; // 0030: Output circle buffer.
data/stormlib-9.22/src/pklib/pklib.h:99:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char in_buff[0x800]; // 2234: Buffer for data to be decompressed
data/stormlib-9.22/src/pklib/pklib.h:100:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char DistPosCodes[0x100]; // 2A34: Table of distance position codes
data/stormlib-9.22/src/pklib/pklib.h:101:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char LengthCodes[0x100]; // 2B34: Table of length codes
data/stormlib-9.22/src/pklib/pklib.h:102:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char offs2C34[0x100]; // 2C34: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:103:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char offs2D34[0x100]; // 2D34: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:104:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char offs2E34[0x80]; // 2EB4: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:105:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char offs2EB4[0x100]; // 2EB4: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:106:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char ChBitsAsc[0x100]; // 2FB4: Buffer for
data/stormlib-9.22/src/pklib/pklib.h:107:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char DistBits[0x40]; // 30B4: Numbers of bytes to skip copied block length
data/stormlib-9.22/src/pklib/pklib.h:108:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char LenBits[0x10]; // 30F4: Numbers of bits for skip copied block length
data/stormlib-9.22/src/pklib/pklib.h:109:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char ExLenBits[0x10]; // 3104: Number of valid bits for copied block
data/stormlib-9.22/src/sparse/sparse.cpp:90:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, 0x80);
data/stormlib-9.22/src/sparse/sparse.cpp:110:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, 1);
data/stormlib-9.22/src/sparse/sparse.cpp:127:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, NumberOfNonZeros);
data/stormlib-9.22/src/sparse/sparse.cpp:198:17: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, NumberOfNonZeros);
data/stormlib-9.22/src/sparse/sparse.cpp:266:13: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pbOutBuffer, pbInBuffer, cbChunkSize);
data/stormlib-9.22/src/zlib/crc32.c:163:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
out = fopen("crc32.h", "w");
data/stormlib-9.22/src/zlib/inflate.c:607:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char hbuf[4]; /* buffer for gzip header crc calculation */
data/stormlib-9.22/src/zlib/inflate.c:1350:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char buf[4]; /* to restore bit buffer to byte string */
data/stormlib-9.22/src/zlib/trees.c:335:20: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
FILE *header = fopen("trees.h", "w");
data/stormlib-9.22/src/zlib/zutil.c:14:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
const char * const z_errmsg[10] = {
data/stormlib-9.22/src/zlib/zutil.h:43:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
extern const char * const z_errmsg[10]; /* indexed by 2-zlib_error */
data/stormlib-9.22/src/zlib/zutil.h:101:6: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
fopen((name), (mode), "mbc=60", "ctx=stm", "rfm=fix", "mrs=512")
data/stormlib-9.22/src/zlib/zutil.h:175:30: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
# define F_OPEN(name, mode) fopen((name), (mode))
data/stormlib-9.22/src/zlib/zutil.h:234:21: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
# define zmemcpy memcpy
data/stormlib-9.22/test/StormTest.cpp:276:8: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
static TCHAR szMpqDirectory[MAX_PATH+1];
data/stormlib-9.22/test/StormTest.cpp:328:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szHexaDigit[4];
data/stormlib-9.22/test/StormTest.cpp:355:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
memcpy(szBuffer, szFileName, nLength);
data/stormlib-9.22/test/StormTest.cpp:619:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPathT[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:629:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
unsigned char sha1_digest[SHA1_DIGEST_SIZE];
data/stormlib-9.22/test/StormTest.cpp:705:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szSearchMask[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:729:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szDirEntryT[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:730:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szDirEntryA[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:784:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szDirEntry[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:832:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szWorkBuff[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:848:5: [2] (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szSource, _T("\\*"));
data/stormlib-9.22/test/StormTest.cpp:850:5: [2] (buffer) _tcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Risk is low because the source is a constant string.
_tcscat(szTarget, _T("\\*"));
data/stormlib-9.22/test/StormTest.cpp:898:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szSource[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:899:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szTarget[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:911:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:964:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szPatchChain[0x400];
data/stormlib-9.22/test/StormTest.cpp:1042:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1149:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy((char *)pbDataBuffer, "This is a test data written to a file.");
data/stormlib-9.22/test/StormTest.cpp:1239:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFileName1[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1240:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFileName2[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1316:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szCopyPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1668:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szListFile[MAX_PATH] = _T("");
data/stormlib-9.22/test/StormTest.cpp:1669:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szMostPatched[MAX_PATH] = "";
data/stormlib-9.22/test/StormTest.cpp:1755:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szMpqName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1756:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1780:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szMpqName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1781:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1821:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szMpqName[MAX_PATH+1];
data/stormlib-9.22/test/StormTest.cpp:1822:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1893:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szPatchName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1907:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:1944:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFullPath[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2029:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
TCHAR szFileName[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2198:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szFileName1[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2199:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szFileName2[MAX_PATH];
data/stormlib-9.22/test/StormTest.cpp:2200:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
char szFileLine[0x40]; data/stormlib-9.22/test/StormTest.cpp:2231:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2270:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMirrorPath[MAX_PATH + MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2271:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMasterPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2342:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2561:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szListFileBuff[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2640:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMpqName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2641:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2685:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szListFileBuff[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2736:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMpqName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2737:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2757:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
TCHAR szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2821:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:2945:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMirrorPath[MAX_PATH + MAX_PATH]; // Combined name data/stormlib-9.22/test/StormTest.cpp:2946:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMasterPath[MAX_PATH]; // Original (server) name data/stormlib-9.22/test/StormTest.cpp:3150:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3226:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szShaFileName[MAX_PATH+1]; data/stormlib-9.22/test/StormTest.cpp:3227:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szSha1Text[0x40]; data/stormlib-9.22/test/StormTest.cpp:3228:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szSha1TextA[0x40]; data/stormlib-9.22/test/StormTest.cpp:3242:5: [2] (buffer) _tcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer. Risk is low because the source is a constant string. _tcscpy(szExtension, _T(".sha")); data/stormlib-9.22/test/StormTest.cpp:3507:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3698:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3724:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szFileName, "AddedFile%03u.txt", i); data/stormlib-9.22/test/StormTest.cpp:3816:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFileName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3844:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szFileName, "AddFile_%04u.txt", i); data/stormlib-9.22/test/StormTest.cpp:3906:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFileName1[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3907:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFileName2[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3908:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFullPath[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3911:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szArchivedName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:3934:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(szArchivedName, "FileTest_%02u.exe", (unsigned int)i); data/stormlib-9.22/test/StormTest.cpp:4064:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szFileName[MAX_PATH]; // Source file to be added data/stormlib-9.22/test/StormTest.cpp:4065:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szArchivedName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:4083:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(szArchivedName, "WaveFile_%02u.wav", i + 1); data/stormlib-9.22/test/StormTest.cpp:4124:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szArchivedName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:4216:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szLocalFileName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:4217:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szArchivedName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:4271:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szLocalFileName[MAX_PATH]; data/stormlib-9.22/test/StormTest.cpp:4272:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szArchivedName[MAX_PATH]; data/stormlib-9.22/test/TLogHelper.cpp:80:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMainTitleT[0x80]; data/stormlib-9.22/test/TLogHelper.cpp:113:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szSaveMainTitle[0x80]; data/stormlib-9.22/test/TLogHelper.cpp:155:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
TCHAR szFormatBuff[0x200]; data/stormlib-9.22/test/TLogHelper.cpp:156:5: [2] (buffer) TCHAR: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. TCHAR szMessage[0x200]; data/stormlib-9.22/test/TLogHelper.cpp:188:19: [2] (buffer) _stprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. nLength = _stprintf(szBuffer, _T(" (error code: %u)"), nError); data/stormlib-9.22/test/TLogHelper.cpp:262:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szFormatBuff[0x200]; data/stormlib-9.22/test/TLogHelper.cpp:263:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char szMessage[0x200]; data/stormlib-9.22/test/TLogHelper.cpp:295:19: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. nLength = sprintf(szBuffer, " (error code: %u)", nError); data/stormlib-9.22/src/FileStream.cpp:225:26: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
bytes_read = read((intptr_t)pStream->Base.File.hFile, pvBuffer, (size_t)dwBytesToRead); data/stormlib-9.22/src/FileStream.cpp:2230:19: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nNameLength = _tcslen(pStream->szFileName); data/stormlib-9.22/src/SBaseCommon.cpp:102:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cchSource = strlen(szSource); data/stormlib-9.22/src/SBaseCommon.cpp:115:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cchTarget = strlen(szTarget); data/stormlib-9.22/src/SBaseCommon.cpp:133:28: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cchSource = strlen(szSource); data/stormlib-9.22/src/SBaseCommon.cpp:147:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cchSource = _tcslen(szSource); data/stormlib-9.22/src/SBaseCommon.cpp:161:28: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). size_t cchSource = _tcslen(szSource); data/stormlib-9.22/src/SBaseCommon.cpp:174:24: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
size_t cchTarget = _tcslen(szTarget); data/stormlib-9.22/src/SBaseFileTable.cpp:1892:52: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). pFileEntry->szFileName = STORM_ALLOC(char, strlen(szFileName) + 1); data/stormlib-9.22/src/SFileFindFile.cpp:403:38: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nSize = sizeof(TMPQSearch) + strlen(szMask) + 1; data/stormlib-9.22/src/SFileGetFileInfo.cpp:89:27: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchCharsNeeded += _tcslen(FileStream_GetFileName(hfTemp->ha->pStream)) + 1; data/stormlib-9.22/src/SFileGetFileInfo.cpp:111:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nLength = _tcslen(szFileName) + 1; data/stormlib-9.22/src/SFileGetFileInfo.cpp:160:41: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbSrcFileInfo = (DWORD)(_tcslen((TCHAR *)pvSrcFileInfo) + 1) * sizeof(TCHAR); data/stormlib-9.22/src/SFileGetFileInfo.cpp:624:45: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbSrcFileInfo += (DWORD)strlen(pFileEntry->szFileName) + 1; data/stormlib-9.22/src/SFileListFile.cpp:99:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
cchWildCard = strlen(szWildCard) + 1; data/stormlib-9.22/src/SFileListFile.cpp:341:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbListFile += strlen(SortTable[0]) + 2; data/stormlib-9.22/src/SFileListFile.cpp:349:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cbListFile += strlen(SortTable[nIndex1]) + 2; data/stormlib-9.22/src/SFilePatchArchives.cpp:420:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nLength = strlen(szFileName); data/stormlib-9.22/src/SFilePatchArchives.cpp:616:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). const TCHAR * szPathEnd = szPathBegin + _tcslen(szPathBegin); data/stormlib-9.22/src/SFilePatchArchives.cpp:740:8: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(_tcslen(szHelperFile) + 6 > MAX_PATH) data/stormlib-9.22/src/SFileVerify.cpp:125:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). szBase64Begin = szKeyBase64 + strlen("-----BEGIN PUBLIC KEY-----"); data/stormlib-9.22/src/SFileVerify.cpp:126:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
szBase64End = szBase64Begin + strlen(szBase64Begin) - strlen("-----END PUBLIC KEY-----"); data/stormlib-9.22/src/SFileVerify.cpp:126:61: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). szBase64End = szBase64Begin + strlen(szBase64Begin) - strlen("-----END PUBLIC KEY-----"); data/stormlib-9.22/src/StormPort.h:176:11: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcslen strlen data/stormlib-9.22/src/StormPort.h:176:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). #define _tcslen strlen data/stormlib-9.22/src/bzip2/bzlib.c:909:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Int32 c = fgetc ( f ); data/stormlib-9.22/src/bzip2/bzlib.c:1419:4: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mode2,"b"); /* binary mode */ data/stormlib-9.22/src/libtomcrypt/src/hashes/md5.c:352:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). md5_process(&md, (unsigned char *)tests[i].msg, (unsigned long)strlen(tests[i].msg)); data/stormlib-9.22/src/libtomcrypt/src/hashes/sha1.c:272:70: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
sha1_process(&md, (unsigned char*)tests[i].msg, (unsigned long)strlen(tests[i].msg)); data/stormlib-9.22/src/libtomcrypt/src/headers/tomcrypt_prng.h:95:21: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). unsigned long (*read)(unsigned char *out, unsigned long outlen, prng_state *prng); data/stormlib-9.22/src/libtomcrypt/src/math/rand_prime.c:53:34: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (prng_descriptor[wprng].read(buf, len, prng) != (unsigned long)len) { data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_pss_encode.c:88:37: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (prng_descriptor[prng_idx].read(salt, saltlen, prng) != saltlen) { data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c:77:35: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (prng_descriptor[prng_idx].read(ps, ps_len, prng) != ps_len) { data/stormlib-9.22/src/libtomcrypt/src/pk/pkcs1/pkcs_1_v1_5_encode.c:85:39: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). if (prng_descriptor[prng_idx].read(&ps[i], 1, prng) != 1) { data/stormlib-9.22/src/libtommath/bn_mp_fread.c:27:9: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(stream); data/stormlib-9.22/src/libtommath/bn_mp_fread.c:30:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). ch = fgetc(stream); data/stormlib-9.22/src/libtommath/bn_mp_fread.c:54:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
ch = fgetc(stream); data/stormlib-9.22/test/StormTest.cpp:351:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). szExtension = szFileName + strlen(szFileName); data/stormlib-9.22/test/StormTest.cpp:577:43: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(szSubDir != NULL && (nLength = _tcslen(szSubDir)) != 0) data/stormlib-9.22/test/StormTest.cpp:590:42: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(szNamePart1 != NULL && (nLength = _tcslen(szNamePart1)) != 0) data/stormlib-9.22/test/StormTest.cpp:603:42: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if(szNamePart2 != NULL && (nLength = _tcslen(szNamePart2)) != 0) data/stormlib-9.22/test/StormTest.cpp:795:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). nLength = _tcslen(szDirectory); data/stormlib-9.22/test/StormTest.cpp:929:23: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). cchMpqDirectory = _tcslen(szMpqDirectory); data/stormlib-9.22/test/StormTest.cpp:995:45: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
szPatchName = szPatchName + _tcslen(szPatchName) + 1; data/stormlib-9.22/test/StormTest.cpp:1989:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). DWORD dwFileSize = (DWORD)strlen(szFileData); data/stormlib-9.22/test/StormTest.cpp:3334:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). DWORD dwFileSize = (DWORD)strlen(szFileData); data/stormlib-9.22/test/TLogHelper.cpp:379:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return szBuffer + _tcslen(szStringFormat); data/stormlib-9.22/test/TLogHelper.cpp:387:31: [1] (buffer) _tcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return szBuffer + _tcslen(szUint64Format); data/stormlib-9.22/test/TLogHelper.cpp:409:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). return szBuffer + strlen(szStringFormat); data/stormlib-9.22/test/TLogHelper.cpp:417:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
return szBuffer + strlen(szUint64Format);

ANALYSIS SUMMARY:

Hits = 438
Lines analyzed = 75564 in approximately 1.87 seconds (40333 lines/second)
Physical Source Lines of Code (SLOC) = 48054
Hits@level = [0] 139 [1] 50 [2] 331 [3] 2 [4] 55 [5] 0
Hits@level+ = [0+] 577 [1+] 438 [2+] 388 [3+] 57 [4+] 55 [5+] 0
Hits/KSLOC@level+ = [0+] 12.0073 [1+] 9.11475 [2+] 8.07425 [3+] 1.18617 [4+] 1.14455 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.

[Reviewer note, not part of the tool output: hits are matched on identifier names, so entries such as `#define _tcslen strlen` (StormPort.h:176) and the `(*read)` function-pointer member (tomcrypt_prng.h:95) appear to be name matches rather than calls to the flagged functions, and each hit needs manual triage against the surrounding code.]