Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tuxtype-1.8.3/src/setup.c
Examining data/tuxtype-1.8.3/src/laser.c
Examining data/tuxtype-1.8.3/src/editor.h
Examining data/tuxtype-1.8.3/src/main.c
Examining data/tuxtype-1.8.3/src/alphabet.c
Examining data/tuxtype-1.8.3/src/playgame.c
Examining data/tuxtype-1.8.3/src/practice.c
Examining data/tuxtype-1.8.3/src/mysetenv.c
Examining data/tuxtype-1.8.3/src/scripting.h
Examining data/tuxtype-1.8.3/src/scandir.c
Examining data/tuxtype-1.8.3/src/loaders.c
Examining data/tuxtype-1.8.3/src/scripting.c
Examining data/tuxtype-1.8.3/src/convert_utf.h
Examining data/tuxtype-1.8.3/src/input_methods.c
Examining data/tuxtype-1.8.3/src/SDLMain.h
Examining data/tuxtype-1.8.3/src/gettext.h
Examining data/tuxtype-1.8.3/src/options.c
Examining data/tuxtype-1.8.3/src/compiler.h
Examining data/tuxtype-1.8.3/src/globals.h
Examining data/tuxtype-1.8.3/src/laser.h
Examining data/tuxtype-1.8.3/src/SDL_extras.h
Examining data/tuxtype-1.8.3/src/editor.c
Examining data/tuxtype-1.8.3/src/input_methods.h
Examining data/tuxtype-1.8.3/src/pixels.h
Examining data/tuxtype-1.8.3/src/audio.c
Examining data/tuxtype-1.8.3/src/funcs.h
Examining data/tuxtype-1.8.3/src/snow.c
Examining data/tuxtype-1.8.3/src/pixels.c
Examining data/tuxtype-1.8.3/src/pause.c
Examining data/tuxtype-1.8.3/src/theme.c
Examining data/tuxtype-1.8.3/src/snow.h
Examining data/tuxtype-1.8.3/src/convert_utf.c
Examining data/tuxtype-1.8.3/src/playgame.h
Examining data/tuxtype-1.8.3/src/scandir.h
Examining data/tuxtype-1.8.3/src/titlescreen.h
Examining data/tuxtype-1.8.3/src/mysetenv.h
Examining data/tuxtype-1.8.3/src/SDL_extras.c
Examining data/tuxtype-1.8.3/src/titlescreen.c

FINAL RESULTS:

data/tuxtype-1.8.3/src/SDL_extras.c:1576:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/fonts/%s", settings.default_data_path, font_name);
data/tuxtype-1.8.3/src/alphabet.c:105:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/keyboard.lst", settings.theme_data_path);
data/tuxtype-1.8.3/src/alphabet.c:115:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/keyboard.lst", settings.default_data_path);
data/tuxtype-1.8.3/src/alphabet.c:296:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"keyboard/keyboard_%s.png", keyboard_list[index].keyname);
data/tuxtype-1.8.3/src/alphabet.c:308:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf,"keyboard/keyboardN_%s.png", keyboard_list[index].keyname);
data/tuxtype-1.8.3/src/alphabet.c:1288:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/keyboard.lst", settings.theme_data_path);
data/tuxtype-1.8.3/src/alphabet.c:1290:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/keyboard.lst", settings.default_data_path);
data/tuxtype-1.8.3/src/compiler.h:45:3: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, \
data/tuxtype-1.8.3/src/editor.c:90:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir, "%s/words", settings.user_settings_path);
data/tuxtype-1.8.3/src/editor.c:98:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir , "%s/words" , settings.var_data_path);
data/tuxtype-1.8.3/src/editor.c:347:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s" , wordsDir);
data/tuxtype-1.8.3/src/editor.c:524:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir, "%s/words", settings.user_settings_path);
data/tuxtype-1.8.3/src/editor.c:532:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir , "%s/words" , settings.var_data_path);
data/tuxtype-1.8.3/src/editor.c:539:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/%s", wordsDir, words_file);
data/tuxtype-1.8.3/src/editor.c:989:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir, "%s/words", settings.user_settings_path);
data/tuxtype-1.8.3/src/editor.c:997:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir , "%s/words" , settings.var_data_path);
data/tuxtype-1.8.3/src/editor.c:1188:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/%s.txt", wordsDir, wordlist);
data/tuxtype-1.8.3/src/editor.c:1324:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir, "%s/words", settings.user_settings_path);
data/tuxtype-1.8.3/src/editor.c:1332:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordsDir , "%s/words" , settings.var_data_path);
data/tuxtype-1.8.3/src/editor.c:1335:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/%s" , wordsDir, words_file);
data/tuxtype-1.8.3/src/globals.h:164:43: [4] (format) fprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  #define LOG( str ) if (settings.debug_on) fprintf( stderr, str );
data/tuxtype-1.8.3/src/input_methods.c:601:5: [4] (buffer) wcscpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using a function version that stops copying at the end of the buffer.
  wcscpy(sm->output, unicode);
data/tuxtype-1.8.3/src/input_methods.c:1036:13: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us);
data/tuxtype-1.8.3/src/input_methods.c:1075:15: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, im->buf);
data/tuxtype-1.8.3/src/input_methods.c:1222:13: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us);
data/tuxtype-1.8.3/src/input_methods.c:1261:15: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, im->buf);
data/tuxtype-1.8.3/src/input_methods.c:1409:13: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us);
data/tuxtype-1.8.3/src/input_methods.c:1448:15: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, im->buf);
data/tuxtype-1.8.3/src/input_methods.c:1627:19: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us); /* Output */
data/tuxtype-1.8.3/src/input_methods.c:1639:19: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us); /* Output */
data/tuxtype-1.8.3/src/input_methods.c:1651:19: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us); /* Output */
data/tuxtype-1.8.3/src/input_methods.c:1663:17: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us);
data/tuxtype-1.8.3/src/input_methods.c:1675:15: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, us);
data/tuxtype-1.8.3/src/input_methods.c:1705:15: [4] (buffer) wcscat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
  wcscat(im->s, bp);
data/tuxtype-1.8.3/src/loaders.c:278:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/images/%s", settings.theme_data_path, datafile);
data/tuxtype-1.8.3/src/loaders.c:290:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/images/%s", settings.default_data_path, datafile);
data/tuxtype-1.8.3/src/loaders.c:451:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%sd.png", name);
data/tuxtype-1.8.3/src/loaders.c:454:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s%d.png", name, x);
data/tuxtype-1.8.3/src/loaders.c:499:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/sounds/%s", settings.theme_data_path, datafile);
data/tuxtype-1.8.3/src/loaders.c:508:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/sounds/%s", settings.default_data_path, datafile);
data/tuxtype-1.8.3/src/loaders.c:531:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/sounds/%s", settings.theme_data_path, datafile);
data/tuxtype-1.8.3/src/loaders.c:540:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/sounds/%s", settings.default_data_path, datafile);
data/tuxtype-1.8.3/src/practice.c:626:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(time_str, "%.2f %s", (float) total / 1000, N_("sec"));
data/tuxtype-1.8.3/src/practice.c:1220:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/%s", settings.theme_data_path, phrase_file);
data/tuxtype-1.8.3/src/practice.c:1228:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn , "%s/%s", settings.default_data_path, phrase_file);
data/tuxtype-1.8.3/src/scandir.c:208:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(findIn, dirname);
data/tuxtype-1.8.3/src/scandir.c:253:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(selectDir->d_name, find.cFileName);
data/tuxtype-1.8.3/src/scripting.c:60:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fn, "%s/scripts/cascade.xml", settings.theme_data_path);
data/tuxtype-1.8.3/src/scripting.c:69:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fn, "%s/scripts/cascade.xml", settings.default_data_path);
data/tuxtype-1.8.3/src/scripting.c:83:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fn, "%s/scripts/laser.xml", settings.theme_data_path);
data/tuxtype-1.8.3/src/scripting.c:93:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fn, "%s/scripts/laser.xml", settings.default_data_path);
data/tuxtype-1.8.3/src/scripting.c:106:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fn, "%s/scripts/projectInfo.xml", settings.theme_data_path);
data/tuxtype-1.8.3/src/scripting.c:115:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( fn, "%s/scripts/projectInfo.xml", settings.default_data_path);
data/tuxtype-1.8.3/src/scripting.c:156:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(script_path, "%s/scripts", settings.theme_data_path);
data/tuxtype-1.8.3/src/scripting.c:167:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf( script_path, "%s/scripts", settings.default_data_path);
data/tuxtype-1.8.3/src/scripting.c:374:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/scripts/%s", settings.default_data_path, script_filenames[loc]);
data/tuxtype-1.8.3/src/scripting.c:376:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/scripts/%s", settings.theme_data_path, script_filenames[loc]);
data/tuxtype-1.8.3/src/scripting.c:394:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/scripts/%s", settings.default_data_path, script_filenames[loc]);
data/tuxtype-1.8.3/src/scripting.c:396:15: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/scripts/%s", settings.theme_data_path, script_filenames[loc]); stop = 1;
data/tuxtype-1.8.3/src/setup.c:244:3: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf(fn, FNLEN - 1, (const char*)"%s/.tuxtype/settings.txt", getenv("HOME"));
data/tuxtype-1.8.3/src/setup.c:397:2: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf( fn, FNLEN-1, (const char*)"%s/settings.txt", settings.user_settings_path );
data/tuxtype-1.8.3/src/setup.c:469:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(full_theme_path, "%s/themes/%s", settings.default_data_path, theme_dir);
data/tuxtype-1.8.3/src/setup.c:492:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(theme_settings_path, "%s/settings.txt", full_theme_path);
data/tuxtype-1.8.3/src/setup.c:554:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf( fn, FNLEN-1, (const char*)"%s/TuxType", getenv("APPDATA") );
data/tuxtype-1.8.3/src/setup.c:556:5: [4] (format) snprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  snprintf( fn, FNLEN-1, (const char*)"%s/.tuxtype", getenv("HOME") );
data/tuxtype-1.8.3/src/theme.c:71:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/themes/", settings.default_data_path);
data/tuxtype-1.8.3/src/theme.c:93:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "%s/themes/%s", settings.default_data_path, themesFile->d_name);
data/tuxtype-1.8.3/src/titlescreen.c:922:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(fn, "menu/%s", menu_icon[i][j]);
data/tuxtype-1.8.3/src/titlescreen.c:1237:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordPath,"%s/words", settings.theme_data_path);
data/tuxtype-1.8.3/src/titlescreen.c:1246:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordPath,"%s/words", settings.default_data_path);
data/tuxtype-1.8.3/src/titlescreen.c:1280:5: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordlistFile[lists], "%s/%s", wordPath, wordsFile->d_name);
data/tuxtype-1.8.3/src/titlescreen.c:1305:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordPath,"%s/words", settings.var_data_path);
data/tuxtype-1.8.3/src/titlescreen.c:1335:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordlistFile[lists], "%s/%s", wordPath, wordsFile->d_name);
data/tuxtype-1.8.3/src/titlescreen.c:1359:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordPath,"%s/words", settings.user_settings_path);
data/tuxtype-1.8.3/src/titlescreen.c:1389:7: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(wordlistFile[lists], "%s/%s", wordPath, wordsFile->d_name);
data/tuxtype-1.8.3/src/main.c:48:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/tuxtype-1.8.3/src/setup.c:241:53: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  snprintf( fn, FNLEN-1, "%s/TuxType/settings.txt", getenv("APPDATA"));
data/tuxtype-1.8.3/src/setup.c:244:68: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  snprintf(fn, FNLEN - 1, (const char*)"%s/.tuxtype/settings.txt", getenv("HOME"));
data/tuxtype-1.8.3/src/setup.c:554:55: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  snprintf( fn, FNLEN-1, (const char*)"%s/TuxType", getenv("APPDATA") );
data/tuxtype-1.8.3/src/setup.c:556:56: [3] (buffer) getenv: Environment variables are untrustable input if they can be set by an attacker. They can have any content and length, and the same variable can be set more than once (CWE-807, CWE-20). Check environment variables carefully before using them.
  snprintf( fn, FNLEN-1, (const char*)"%s/.tuxtype", getenv("HOME") );
data/tuxtype-1.8.3/src/SDL_extras.c:1359:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t wchar_tmp[1024];
data/tuxtype-1.8.3/src/SDL_extras.c:1360:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[1024];
data/tuxtype-1.8.3/src/SDL_extras.c:1456:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prev_font_name[FNLEN];
data/tuxtype-1.8.3/src/SDL_extras.c:1464:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[64];
data/tuxtype-1.8.3/src/SDL_extras.c:1540:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char prev_font_name[FNLEN];
data/tuxtype-1.8.3/src/SDL_extras.c:1573:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/SDL_extras.c:1593:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-sil-andika/AndikaDesRevG.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1595:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-sil-doulos/DoulosSILR.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1597:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-kannada-fonts/Kedage-n.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1599:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-bengali-fonts/lohit_bn.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1601:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-indic-fonts-core/lohit_gu.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1603:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-indic-fonts-core/lohit_hi.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1605:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-indic-fonts-core/lohit_pa.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1607:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-indic-fonts-core/lohit_ta.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1609:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-malayalam-fonts/Rachana_w01.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1611:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-indic-fonts-core/utkal.ttf");
data/tuxtype-1.8.3/src/SDL_extras.c:1613:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "/usr/share/fonts/truetype/ttf-indic-fonts-core/Vemena.ttf");
data/tuxtype-1.8.3/src/alphabet.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char keyname[5];
data/tuxtype-1.8.3/src/alphabet.c:69:8: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t word_list[MAX_NUM_WORDS][MAX_WORD_SIZE + 1];
data/tuxtype-1.8.3/src/alphabet.c:70:8: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t char_list[MAX_UNICODES]; // List of distinct letters in word list
data/tuxtype-1.8.3/src/alphabet.c:97:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/alphabet.c:132:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[255];
data/tuxtype-1.8.3/src/alphabet.c:133:5: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t wide_str[255];
data/tuxtype-1.8.3/src/alphabet.c:138:9: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen( fn, "r" );
data/tuxtype-1.8.3/src/alphabet.c:322:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"keyboard/keyboard_None.png");
data/tuxtype-1.8.3/src/alphabet.c:324:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"keyboard/keyboard_D00.png");
data/tuxtype-1.8.3/src/alphabet.c:326:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf,"keyboard/keyboard_D12.png");
data/tuxtype-1.8.3/src/alphabet.c:509:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_word[FNLEN];
data/tuxtype-1.8.3/src/alphabet.c:510:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t temp_wide_word[FNLEN];
data/tuxtype-1.8.3/src/alphabet.c:520:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  wordFile = fopen( wordFn, "r" );
data/tuxtype-1.8.3/src/alphabet.c:625:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t t[2];
data/tuxtype-1.8.3/src/alphabet.c:792:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '`':strcpy(keyboard_entry->keyname,"A00");
data/tuxtype-1.8.3/src/alphabet.c:796:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '~':strcpy(keyboard_entry->keyname,"A00");
data/tuxtype-1.8.3/src/alphabet.c:800:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '1':strcpy(keyboard_entry->keyname,"A01");
data/tuxtype-1.8.3/src/alphabet.c:804:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '!':strcpy(keyboard_entry->keyname,"A01");
data/tuxtype-1.8.3/src/alphabet.c:808:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '2':strcpy(keyboard_entry->keyname,"A02");
data/tuxtype-1.8.3/src/alphabet.c:812:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '@':strcpy(keyboard_entry->keyname,"A02");
data/tuxtype-1.8.3/src/alphabet.c:816:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '3':strcpy(keyboard_entry->keyname,"A03");
data/tuxtype-1.8.3/src/alphabet.c:820:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '#':strcpy(keyboard_entry->keyname,"A03");
data/tuxtype-1.8.3/src/alphabet.c:824:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '4':strcpy(keyboard_entry->keyname,"A04");
data/tuxtype-1.8.3/src/alphabet.c:828:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '$':strcpy(keyboard_entry->keyname,"A04");
data/tuxtype-1.8.3/src/alphabet.c:832:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '5':strcpy(keyboard_entry->keyname,"A05");
data/tuxtype-1.8.3/src/alphabet.c:836:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '%':strcpy(keyboard_entry->keyname,"A05");
data/tuxtype-1.8.3/src/alphabet.c:840:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '6':strcpy(keyboard_entry->keyname,"A06");
data/tuxtype-1.8.3/src/alphabet.c:844:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '^':strcpy(keyboard_entry->keyname,"A06");
data/tuxtype-1.8.3/src/alphabet.c:848:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '7':strcpy(keyboard_entry->keyname,"A07");
data/tuxtype-1.8.3/src/alphabet.c:852:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '&':strcpy(keyboard_entry->keyname,"A07");
data/tuxtype-1.8.3/src/alphabet.c:856:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '8':strcpy(keyboard_entry->keyname,"A08");
data/tuxtype-1.8.3/src/alphabet.c:860:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '*':strcpy(keyboard_entry->keyname,"A08");
data/tuxtype-1.8.3/src/alphabet.c:864:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '9':strcpy(keyboard_entry->keyname,"A09");
data/tuxtype-1.8.3/src/alphabet.c:868:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '(':strcpy(keyboard_entry->keyname,"A09");
data/tuxtype-1.8.3/src/alphabet.c:872:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  case '0':strcpy(keyboard_entry->keyname,"A10");
data/tuxtype-1.8.3/src/alphabet.c:876:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
case ')':strcpy(keyboard_entry->keyname,"A10"); data/tuxtype-1.8.3/src/alphabet.c:880:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '-':strcpy(keyboard_entry->keyname,"A11"); data/tuxtype-1.8.3/src/alphabet.c:884:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '_':strcpy(keyboard_entry->keyname,"A11"); data/tuxtype-1.8.3/src/alphabet.c:888:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '=':strcpy(keyboard_entry->keyname,"A12"); data/tuxtype-1.8.3/src/alphabet.c:892:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '+':strcpy(keyboard_entry->keyname,"A12"); data/tuxtype-1.8.3/src/alphabet.c:896:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '\\':strcpy(keyboard_entry->keyname,"A13"); data/tuxtype-1.8.3/src/alphabet.c:900:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case '|':strcpy(keyboard_entry->keyname,"A13"); data/tuxtype-1.8.3/src/alphabet.c:904:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'q':strcpy(keyboard_entry->keyname,"B01"); data/tuxtype-1.8.3/src/alphabet.c:908:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'Q':strcpy(keyboard_entry->keyname,"B01"); data/tuxtype-1.8.3/src/alphabet.c:912:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'w':strcpy(keyboard_entry->keyname,"B02"); data/tuxtype-1.8.3/src/alphabet.c:916:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'W':strcpy(keyboard_entry->keyname,"B02"); data/tuxtype-1.8.3/src/alphabet.c:920:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'e':strcpy(keyboard_entry->keyname,"B03"); data/tuxtype-1.8.3/src/alphabet.c:924:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'E':strcpy(keyboard_entry->keyname,"B03"); data/tuxtype-1.8.3/src/alphabet.c:928:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'r':strcpy(keyboard_entry->keyname,"B04"); data/tuxtype-1.8.3/src/alphabet.c:932:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'R':strcpy(keyboard_entry->keyname,"B04"); data/tuxtype-1.8.3/src/alphabet.c:936:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 't':strcpy(keyboard_entry->keyname,"B05"); data/tuxtype-1.8.3/src/alphabet.c:940:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'T':strcpy(keyboard_entry->keyname,"B05"); data/tuxtype-1.8.3/src/alphabet.c:944:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'y':strcpy(keyboard_entry->keyname,"B06"); data/tuxtype-1.8.3/src/alphabet.c:948:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'Y':strcpy(keyboard_entry->keyname,"B06"); data/tuxtype-1.8.3/src/alphabet.c:952:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'u':strcpy(keyboard_entry->keyname,"B07"); data/tuxtype-1.8.3/src/alphabet.c:956:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'U':strcpy(keyboard_entry->keyname,"B07"); data/tuxtype-1.8.3/src/alphabet.c:960:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'i':strcpy(keyboard_entry->keyname,"B08"); data/tuxtype-1.8.3/src/alphabet.c:964:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'I':strcpy(keyboard_entry->keyname,"B08"); data/tuxtype-1.8.3/src/alphabet.c:968:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'o':strcpy(keyboard_entry->keyname,"B09"); data/tuxtype-1.8.3/src/alphabet.c:972:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'O':strcpy(keyboard_entry->keyname,"B09"); data/tuxtype-1.8.3/src/alphabet.c:976:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'p':strcpy(keyboard_entry->keyname,"B10"); data/tuxtype-1.8.3/src/alphabet.c:980:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'P':strcpy(keyboard_entry->keyname,"B10"); data/tuxtype-1.8.3/src/alphabet.c:984:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '[':strcpy(keyboard_entry->keyname,"B11"); data/tuxtype-1.8.3/src/alphabet.c:988:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '{':strcpy(keyboard_entry->keyname,"B11"); data/tuxtype-1.8.3/src/alphabet.c:992:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case ']':strcpy(keyboard_entry->keyname,"B12"); data/tuxtype-1.8.3/src/alphabet.c:996:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case '}':strcpy(keyboard_entry->keyname,"B12"); data/tuxtype-1.8.3/src/alphabet.c:1000:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'a':strcpy(keyboard_entry->keyname,"C01"); data/tuxtype-1.8.3/src/alphabet.c:1004:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'A':strcpy(keyboard_entry->keyname,"C01"); data/tuxtype-1.8.3/src/alphabet.c:1008:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 's':strcpy(keyboard_entry->keyname,"C02"); data/tuxtype-1.8.3/src/alphabet.c:1012:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'S':strcpy(keyboard_entry->keyname,"C02"); data/tuxtype-1.8.3/src/alphabet.c:1016:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'd':strcpy(keyboard_entry->keyname,"C03"); data/tuxtype-1.8.3/src/alphabet.c:1020:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'D':strcpy(keyboard_entry->keyname,"C03"); data/tuxtype-1.8.3/src/alphabet.c:1024:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'f':strcpy(keyboard_entry->keyname,"C04"); data/tuxtype-1.8.3/src/alphabet.c:1028:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'F':strcpy(keyboard_entry->keyname,"C04"); data/tuxtype-1.8.3/src/alphabet.c:1032:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'g':strcpy(keyboard_entry->keyname,"C05"); data/tuxtype-1.8.3/src/alphabet.c:1036:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'G':strcpy(keyboard_entry->keyname,"C05"); data/tuxtype-1.8.3/src/alphabet.c:1040:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'h':strcpy(keyboard_entry->keyname,"C06"); data/tuxtype-1.8.3/src/alphabet.c:1044:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'H':strcpy(keyboard_entry->keyname,"C06"); data/tuxtype-1.8.3/src/alphabet.c:1048:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'j':strcpy(keyboard_entry->keyname,"C07"); data/tuxtype-1.8.3/src/alphabet.c:1052:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'J':strcpy(keyboard_entry->keyname,"C07"); data/tuxtype-1.8.3/src/alphabet.c:1056:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'k':strcpy(keyboard_entry->keyname,"C08"); data/tuxtype-1.8.3/src/alphabet.c:1060:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'K':strcpy(keyboard_entry->keyname,"C08"); data/tuxtype-1.8.3/src/alphabet.c:1064:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'l':strcpy(keyboard_entry->keyname,"C09"); data/tuxtype-1.8.3/src/alphabet.c:1068:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'L':strcpy(keyboard_entry->keyname,"C09"); data/tuxtype-1.8.3/src/alphabet.c:1072:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case ';':strcpy(keyboard_entry->keyname,"C10"); data/tuxtype-1.8.3/src/alphabet.c:1076:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case ':':strcpy(keyboard_entry->keyname,"C10"); data/tuxtype-1.8.3/src/alphabet.c:1080:12: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '\'':strcpy(keyboard_entry->keyname,"C11"); data/tuxtype-1.8.3/src/alphabet.c:1084:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '"':strcpy(keyboard_entry->keyname,"C11"); data/tuxtype-1.8.3/src/alphabet.c:1088:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'z':strcpy(keyboard_entry->keyname,"D02"); data/tuxtype-1.8.3/src/alphabet.c:1092:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'Z':strcpy(keyboard_entry->keyname,"D02"); data/tuxtype-1.8.3/src/alphabet.c:1096:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'x':strcpy(keyboard_entry->keyname,"D03"); data/tuxtype-1.8.3/src/alphabet.c:1100:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'X':strcpy(keyboard_entry->keyname,"D03"); data/tuxtype-1.8.3/src/alphabet.c:1104:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'c':strcpy(keyboard_entry->keyname,"D04"); data/tuxtype-1.8.3/src/alphabet.c:1108:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'C':strcpy(keyboard_entry->keyname,"D04"); data/tuxtype-1.8.3/src/alphabet.c:1112:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'v':strcpy(keyboard_entry->keyname,"D05"); data/tuxtype-1.8.3/src/alphabet.c:1116:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'V':strcpy(keyboard_entry->keyname,"D05"); data/tuxtype-1.8.3/src/alphabet.c:1120:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'b':strcpy(keyboard_entry->keyname,"D06"); data/tuxtype-1.8.3/src/alphabet.c:1124:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'B':strcpy(keyboard_entry->keyname,"D06"); data/tuxtype-1.8.3/src/alphabet.c:1128:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'n':strcpy(keyboard_entry->keyname,"D07"); data/tuxtype-1.8.3/src/alphabet.c:1132:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'N':strcpy(keyboard_entry->keyname,"D07"); data/tuxtype-1.8.3/src/alphabet.c:1136:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case 'm':strcpy(keyboard_entry->keyname,"D08"); data/tuxtype-1.8.3/src/alphabet.c:1140:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case 'M':strcpy(keyboard_entry->keyname,"D08"); data/tuxtype-1.8.3/src/alphabet.c:1144:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case ',':strcpy(keyboard_entry->keyname,"D09"); data/tuxtype-1.8.3/src/alphabet.c:1148:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '<':strcpy(keyboard_entry->keyname,"D09"); data/tuxtype-1.8.3/src/alphabet.c:1152:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '.':strcpy(keyboard_entry->keyname,"D010"); data/tuxtype-1.8.3/src/alphabet.c:1156:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '>':strcpy(keyboard_entry->keyname,"D010"); data/tuxtype-1.8.3/src/alphabet.c:1160:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case '/':strcpy(keyboard_entry->keyname,"D11"); data/tuxtype-1.8.3/src/alphabet.c:1164:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
case '?':strcpy(keyboard_entry->keyname,"D11"); data/tuxtype-1.8.3/src/alphabet.c:1168:11: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. case ' ':strcpy(keyboard_entry->keyname,"E03"); data/tuxtype-1.8.3/src/alphabet.c:1173:10: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. default:strcpy(keyboard_entry->keyname,"None"); data/tuxtype-1.8.3/src/alphabet.c:1189:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t t[2]; data/tuxtype-1.8.3/src/alphabet.c:1190:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[8]; data/tuxtype-1.8.3/src/alphabet.c:1282:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[FNLEN]; data/tuxtype-1.8.3/src/alphabet.c:1293:8: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
fp = fopen(fn,"w"); data/tuxtype-1.8.3/src/alphabet.c:1380:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wchar_buf[MAX_UNICODES]; data/tuxtype-1.8.3/src/convert_utf.c:41:3: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t temp_wchar[UTF_BUF_LENGTH]; data/tuxtype-1.8.3/src/convert_utf.c:86:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char temp_UTF8[UTF_BUF_LENGTH]; data/tuxtype-1.8.3/src/editor.c:65:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char file_names[MAX_WORD_LISTS][FNLEN]; //names of the files containing lists data/tuxtype-1.8.3/src/editor.c:66:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char list_titles[MAX_WORD_LISTS][MAX_WORD_SIZE+1]; //text list name to be displayed data/tuxtype-1.8.3/src/editor.c:76:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char wordsDir[FNLEN]; data/tuxtype-1.8.3/src/editor.c:77:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[FNLEN]; data/tuxtype-1.8.3/src/editor.c:136:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(fn,"r"); data/tuxtype-1.8.3/src/editor.c:376:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fp = fopen(fn,"r"); data/tuxtype-1.8.3/src/editor.c:517:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[FNLEN]; data/tuxtype-1.8.3/src/editor.c:518:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
  char wordsDir[FNLEN];
data/tuxtype-1.8.3/src/editor.c:519:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char words_in_list[MAX_NUM_WORDS][MAX_WORD_SIZE + 1];
data/tuxtype-1.8.3/src/editor.c:521:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t temp[MAX_WORD_SIZE + 1];
data/tuxtype-1.8.3/src/editor.c:540:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn,"r");
data/tuxtype-1.8.3/src/editor.c:907:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn,"w");
data/tuxtype-1.8.3/src/editor.c:980:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/editor.c:981:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wordsDir[FNLEN];
data/tuxtype-1.8.3/src/editor.c:982:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wordlist[MAX_WORD_SIZE + 1];
data/tuxtype-1.8.3/src/editor.c:983:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t temp[MAX_WORD_SIZE + 1];
data/tuxtype-1.8.3/src/editor.c:1191:10: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "w");
data/tuxtype-1.8.3/src/editor.c:1320:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/editor.c:1321:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wordsDir[FNLEN];
data/tuxtype-1.8.3/src/gettext.h:195:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_ctxt_id[msgctxt_len + msgid_len];
data/tuxtype-1.8.3/src/gettext.h:197:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/tuxtype-1.8.3/src/gettext.h:205:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/tuxtype-1.8.3/src/gettext.h:207:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/tuxtype-1.8.3/src/gettext.h:241:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char msg_ctxt_id[msgctxt_len + msgid_len];
data/tuxtype-1.8.3/src/gettext.h:243:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[1024];
data/tuxtype-1.8.3/src/gettext.h:251:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/tuxtype-1.8.3/src/gettext.h:253:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/tuxtype-1.8.3/src/globals.h:89:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char default_data_path[FNLEN]; // for static read-only data
data/tuxtype-1.8.3/src/globals.h:90:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theme_data_path[FNLEN]; // read-only data for current theme
data/tuxtype-1.8.3/src/globals.h:91:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char var_data_path[FNLEN]; // for modifiable shared data (custom word lists, etc.)
data/tuxtype-1.8.3/src/globals.h:92:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char user_settings_path[FNLEN]; // per-user settings (under /home)
data/tuxtype-1.8.3/src/globals.h:93:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char global_settings_path[FNLEN]; // settings for all users (under /etc)
data/tuxtype-1.8.3/src/globals.h:94:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theme_name[FNLEN];
data/tuxtype-1.8.3/src/globals.h:95:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lang[FNLEN];
data/tuxtype-1.8.3/src/globals.h:96:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theme_font_name[FNLEN];
data/tuxtype-1.8.3/src/globals.h:97:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theme_locale_name[FNLEN];
data/tuxtype-1.8.3/src/input_methods.c:179:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t output[MAX_UNICODE_SEQ];
data/tuxtype-1.8.3/src/input_methods.c:315:7: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char *lang_prefixes[NUM_LANGS] = {
data/tuxtype-1.8.3/src/input_methods.c:705:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  is = fopen(path, "rt");
data/tuxtype-1.8.3/src/input_methods.c:713:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t unicode[MAX_UNICODE_SEQ];
data/tuxtype-1.8.3/src/input_methods.c:716:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/tuxtype-1.8.3/src/input_methods.c:717:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char flag[256];
data/tuxtype-1.8.3/src/input_methods.h:51:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t s[16]; /* Characters that should be displayed */
data/tuxtype-1.8.3/src/input_methods.h:55:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buf[8]; /* Buffered characters */
data/tuxtype-1.8.3/src/laser.c:54:8: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t ans[NUM_ANS];
data/tuxtype-1.8.3/src/laser.c:95:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[64];
data/tuxtype-1.8.3/src/laser.c:496:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "%d", wave);
data/tuxtype-1.8.3/src/laser.c:509:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(str, "%.6d", score);
data/tuxtype-1.8.3/src/laser.c:765:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fname[1024];
data/tuxtype-1.8.3/src/laser.c:787:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fname, "backgrounds/%d.jpg", i);
data/tuxtype-1.8.3/src/laser.h:211:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char * music_filenames[NUM_MUSICS] = {
data/tuxtype-1.8.3/src/loaders.c:65:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(file, "r");
data/tuxtype-1.8.3/src/loaders.c:84:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf [30];
data/tuxtype-1.8.3/src/loaders.c:236:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char svgfn[PATH_MAX];
data/tuxtype-1.8.3/src/loaders.c:253:5: [2] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat(svgfn, ".svg");
data/tuxtype-1.8.3/src/loaders.c:273:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/loaders.c:444:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/loaders.c:494:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/loaders.c:526:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/mysetenv.c:52:4: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer,name,namelen);
data/tuxtype-1.8.3/src/mysetenv.c:55:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buffer+namelen+1,value,valuelen);
data/tuxtype-1.8.3/src/playgame.c:102:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[FNLEN];
data/tuxtype-1.8.3/src/playgame.c:216:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120).
  Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "pract.png");
data/tuxtype-1.8.3/src/playgame.c:219:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "kcas%d.jpg", rand() % 12);
data/tuxtype-1.8.3/src/playgame.c:224:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "hidden.jpg");
data/tuxtype-1.8.3/src/playgame.c:241:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "amidst_the_raindrops.ogg");
data/tuxtype-1.8.3/src/playgame.c:243:11: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "chiptune2.ogg");
data/tuxtype-1.8.3/src/playgame.c:641:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[FNLEN];
data/tuxtype-1.8.3/src/playgame.c:665:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(filename, "num_%i.png", i);
data/tuxtype-1.8.3/src/playgame.c:795:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
  Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numnuts[FNLEN];
data/tuxtype-1.8.3/src/playgame.c:799:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(numnuts, "%d", num);
data/tuxtype-1.8.3/src/playgame.c:839:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char numnuts[FNLEN];
data/tuxtype-1.8.3/src/playgame.c:843:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(numnuts, "%d", num);
data/tuxtype-1.8.3/src/playgame.c:1598:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t texttool_str[256];
data/tuxtype-1.8.3/src/playgame.h:149:5: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t word[MAX_WORD_SIZE + 1];
data/tuxtype-1.8.3/src/practice.c:56:8: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static wchar_t phrases[MAX_PHRASES][MAX_PHRASE_LENGTH];
data/tuxtype-1.8.3/src/practice.c:137:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char time_str[20];
data/tuxtype-1.8.3/src/practice.c:138:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char chars_typed_str[20];
data/tuxtype-1.8.3/src/practice.c:139:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cpm_str[20];
data/tuxtype-1.8.3/src/practice.c:140:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wpm_str[20];
data/tuxtype-1.8.3/src/practice.c:141:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char errors_str[20];
data/tuxtype-1.8.3/src/practice.c:142:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char accuracy_str[20];
data/tuxtype-1.8.3/src/practice.c:226:11: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buf[200];
data/tuxtype-1.8.3/src/practice.c:252:11: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buf[200];
data/tuxtype-1.8.3/src/practice.c:627:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(chars_typed_str, "%d", correct_chars);
data/tuxtype-1.8.3/src/practice.c:628:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(cpm_str, "%.1f", (float) correct_chars /((float)total/60000));
data/tuxtype-1.8.3/src/practice.c:629:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(wpm_str, "%.1f", (float) ((float) correct_chars/5) /((float) total/60000));
data/tuxtype-1.8.3/src/practice.c:630:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(errors_str, "%d", wrong_chars);
data/tuxtype-1.8.3/src/practice.c:637:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(accuracy_str, "%.1f%%", accuracy * 100);
data/tuxtype-1.8.3/src/practice.c:860:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/practice.c:877:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(fn, "hands/%d.png", i);
data/tuxtype-1.8.3/src/practice.c:1213:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[MAX_PHRASE_LENGTH];
data/tuxtype-1.8.3/src/practice.c:1215:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/practice.c:1243:8: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(fn, "r");
data/tuxtype-1.8.3/src/practice.c:1278:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t buf[MAX_PHRASE_LENGTH];
data/tuxtype-1.8.3/src/practice.c:1279:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char UTF8buf[MAX_PHRASE_LENGTH];
data/tuxtype-1.8.3/src/practice.c:1391:3: [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  wchar_t ltr[2];
data/tuxtype-1.8.3/src/practice.c:1414:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/tuxtype-1.8.3/src/practice.c:1422:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/tuxtype-1.8.3/src/practice.c:1431:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[50];
data/tuxtype-1.8.3/src/scandir.c:138:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p->d_name, d->d_name, p->d_reclen + 1);
data/tuxtype-1.8.3/src/scandir.c:215:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(findIn, ".\\*");
data/tuxtype-1.8.3/src/scandir.c:219:5: [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(findIn, ".\\*");
data/tuxtype-1.8.3/src/scandir.c:260:11: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(tempDir, dir, sizeof(struct dirent*)*NDir);
data/tuxtype-1.8.3/src/scripting.c:56:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/scripting.c:79:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/scripting.c:102:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/scripting.c:141:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char script_path[FNLEN];
data/tuxtype-1.8.3/src/scripting.c:142:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char script_filenames[MAX_LESSONS][FNLEN];
data/tuxtype-1.8.3/src/scripting.c:143:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/scripting.c:543:15: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  ans = atoi(t);
data/tuxtype-1.8.3/src/scripting.c:590:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char str[FNLEN];
data/tuxtype-1.8.3/src/scripting.c:605:7: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents?
(CWE-362). f = fopen(fn, "r"); data/tuxtype-1.8.3/src/scripting.c:1284:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tmp[FNLEN]; // used to hold temp text for wrapping data/tuxtype-1.8.3/src/scripting.c:1508:11: [2] (buffer) wchar_t: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. wchar_t wide_buf[FNLEN]; data/tuxtype-1.8.3/src/setup.c:231:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fn[FNLEN]; data/tuxtype-1.8.3/src/setup.c:262:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE* fp = fopen(fn, "r"); data/tuxtype-1.8.3/src/setup.c:288:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char setting[FNLEN]; /* these don't really need to be 'FNLEN' long */ data/tuxtype-1.8.3/src/setup.c:289:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char value[FNLEN]; data/tuxtype-1.8.3/src/setup.c:317:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings.o_lives = atoi(value); data/tuxtype-1.8.3/src/setup.c:323:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings.mus_volume = atoi(value); data/tuxtype-1.8.3/src/setup.c:329:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings.sfx_volume = atoi(value); data/tuxtype-1.8.3/src/setup.c:335:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). settings.menu_music = atoi(value); data/tuxtype-1.8.3/src/setup.c:340:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). 
  settings.fullscreen = atoi(value);
data/tuxtype-1.8.3/src/setup.c:377:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/setup.c:404:17: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  settingsFile = fopen( fn, "w" );
data/tuxtype-1.8.3/src/setup.c:450:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN]; // used later when setting settings.user_settings_path
data/tuxtype-1.8.3/src/setup.c:466:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char full_theme_path[FNLEN];
data/tuxtype-1.8.3/src/setup.c:467:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theme_settings_path[FNLEN];
data/tuxtype-1.8.3/src/theme.c:57:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/theme.c:58:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char themeNames[MAX_LANGUAGES][FNLEN];
data/tuxtype-1.8.3/src/theme.c:59:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char themePaths[MAX_LANGUAGES][FNLEN];
data/tuxtype-1.8.3/src/theme.c:62:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char old_theme_path[FNLEN];
data/tuxtype-1.8.3/src/titlescreen.c:895:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char fn[FNLEN];
data/tuxtype-1.8.3/src/titlescreen.c:1221:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wordPath[FNLEN];
data/tuxtype-1.8.3/src/titlescreen.c:1222:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wordlistFile[MAX_WORD_LISTS][200];
data/tuxtype-1.8.3/src/titlescreen.c:1223:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char wordlistName[MAX_WORD_LISTS][200];
data/tuxtype-1.8.3/src/titlescreen.c:1283:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tempFile = fopen( wordlistFile[lists], "r" );
data/tuxtype-1.8.3/src/titlescreen.c:1338:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tempFile = fopen( wordlistFile[lists], "r" );
data/tuxtype-1.8.3/src/titlescreen.c:1392:18: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tempFile = fopen( wordlistFile[lists], "r" );
data/tuxtype-1.8.3/src/SDL_extras.c:1376:3: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(wchar_tmp, t, length);
data/tuxtype-1.8.3/src/SDL_extras.c:1484:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prev_font_name, settings.theme_font_name, sizeof(prev_font_name));
data/tuxtype-1.8.3/src/SDL_extras.c:1559:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(prev_font_name, settings.theme_font_name, sizeof(prev_font_name));
data/tuxtype-1.8.3/src/alphabet.c:164:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((wcslen(wide_str) >=3)
data/tuxtype-1.8.3/src/alphabet.c:181:13: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wcslen(wide_str) < 5)
data/tuxtype-1.8.3/src/alphabet.c:204:12: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(wcslen(wide_str) == 1)
data/tuxtype-1.8.3/src/alphabet.c:543:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (j = 0; j < strlen(temp_word); j++)
data/tuxtype-1.8.3/src/alphabet.c:598:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(word_list[num_words], temp_wide_word, strlen(temp_word) + 1);
data/tuxtype-1.8.3/src/alphabet.c:598:51: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wcsncpy(word_list[num_words], temp_wide_word, strlen(temp_word) + 1);
data/tuxtype-1.8.3/src/alphabet.c:765:35: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while (i < MAX_WORD_SIZE && i < wcslen(s))
data/tuxtype-1.8.3/src/convert_utf.c:70:3: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(wide_word, temp_wchar, max_length);
data/tuxtype-1.8.3/src/convert_utf.c:74:10: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return wcslen(wide_word);
data/tuxtype-1.8.3/src/convert_utf.c:120:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(UTF8_word, temp_UTF8, max_length);
data/tuxtype-1.8.3/src/convert_utf.c:124:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return strlen(UTF8_word);
data/tuxtype-1.8.3/src/editor.c:124:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(list_dirent->d_name) < 5)
data/tuxtype-1.8.3/src/editor.c:127:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(&list_dirent->d_name[strlen(list_dirent->d_name) -4 ],".txt"))
data/tuxtype-1.8.3/src/editor.c:143:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(file_names[num_lists++], list_dirent->d_name, FNLEN-1);
data/tuxtype-1.8.3/src/editor.c:383:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(file_names[num_lists++], list_dirent->d_name, FNLEN-1);
data/tuxtype-1.8.3/src/gettext.h:191:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/tuxtype-1.8.3/src/gettext.h:192:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;
data/tuxtype-1.8.3/src/gettext.h:237:24: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgctxt_len = strlen (msgctxt) + 1;
data/tuxtype-1.8.3/src/gettext.h:238:22: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t msgid_len = strlen (msgid) + 1;
data/tuxtype-1.8.3/src/input_methods.c:427:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t len = wcslen(src)+1; /* Copy over all src string + NUL */
data/tuxtype-1.8.3/src/input_methods.c:438:18: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int peg = (int)wcslen(s) - (int)count;
data/tuxtype-1.8.3/src/input_methods.c:592:8: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(wcslen(sm->output)) {
data/tuxtype-1.8.3/src/input_methods.c:596:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; i < wcslen(sm->output); i++) fprintf(stderr, "%04X ", (int)sm->output[i]);
data/tuxtype-1.8.3/src/input_methods.c:598:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; i < wcslen(unicode); i++) fprintf(stderr, "%04X ", (int)unicode[i]);
data/tuxtype-1.8.3/src/input_methods.c:683:6: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strlen(flag) > 1) {
data/tuxtype-1.8.3/src/input_methods.c:722:15: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  scanned = fscanf(is, "%255s", buf);
data/tuxtype-1.8.3/src/input_methods.c:758:15: [1] (buffer) fscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  scanned = fscanf(is, "%255s\t%255s", buf, flag);
data/tuxtype-1.8.3/src/input_methods.c:774:26: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(i = 0; i < wcslen(unicode); i++) fwprintf(stderr, L"%04X ", (int)unicode[i]);
data/tuxtype-1.8.3/src/input_methods.c:836:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(cm->match_count < (int)wcslen(s)) {
data/tuxtype-1.8.3/src/input_methods.c:846:30: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(cm->match_count == (int)wcslen(s)) {
data/tuxtype-1.8.3/src/input_methods.c:970:11: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:970:52: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:971:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wcs_lshift(im->s, (wcslen(im->s) - im->redraw) );
data/tuxtype-1.8.3/src/input_methods.c:1020:9: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->buf, &u, 1); /* Copy new character */
data/tuxtype-1.8.3/src/input_methods.c:1027:65: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1027:80: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1031:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(us && wcslen(us)) {
data/tuxtype-1.8.3/src/input_methods.c:1046:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(us);
data/tuxtype-1.8.3/src/input_methods.c:1051:19: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(wcslen(im->buf) > 0) {
data/tuxtype-1.8.3/src/input_methods.c:1057:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, im->buf, 1);
data/tuxtype-1.8.3/src/input_methods.c:1062:47: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if((size_t)cm.match_count != wcslen(im->buf)) {
data/tuxtype-1.8.3/src/input_methods.c:1066:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, im->buf, 1);
data/tuxtype-1.8.3/src/input_methods.c:1077:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(im->buf);
data/tuxtype-1.8.3/src/input_methods.c:1155:11: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:1155:52: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:1156:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wcs_lshift(im->s, (wcslen(im->s) - im->redraw) );
data/tuxtype-1.8.3/src/input_methods.c:1206:9: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->buf, &u, 1); /* Copy new character */
data/tuxtype-1.8.3/src/input_methods.c:1213:65: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1213:80: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1217:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(us && wcslen(us)) {
data/tuxtype-1.8.3/src/input_methods.c:1232:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(us);
data/tuxtype-1.8.3/src/input_methods.c:1237:19: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(wcslen(im->buf) > 0) {
data/tuxtype-1.8.3/src/input_methods.c:1243:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, im->buf, 1);
data/tuxtype-1.8.3/src/input_methods.c:1248:47: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if((size_t)cm.match_count != wcslen(im->buf)) {
data/tuxtype-1.8.3/src/input_methods.c:1252:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, im->buf, 1);
data/tuxtype-1.8.3/src/input_methods.c:1263:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(im->buf);
data/tuxtype-1.8.3/src/input_methods.c:1341:11: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:1341:52: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:1342:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wcs_lshift(im->s, (wcslen(im->s) - im->redraw) );
data/tuxtype-1.8.3/src/input_methods.c:1393:9: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->buf, &u, 1); /* Copy new character */
data/tuxtype-1.8.3/src/input_methods.c:1400:65: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1400:80: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1404:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(us && wcslen(us)) {
data/tuxtype-1.8.3/src/input_methods.c:1419:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(us);
data/tuxtype-1.8.3/src/input_methods.c:1424:19: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(wcslen(im->buf) > 0) {
data/tuxtype-1.8.3/src/input_methods.c:1430:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, im->buf, 1);
data/tuxtype-1.8.3/src/input_methods.c:1435:47: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if((size_t)cm.match_count != wcslen(im->buf)) {
data/tuxtype-1.8.3/src/input_methods.c:1439:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, im->buf, 1);
data/tuxtype-1.8.3/src/input_methods.c:1450:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(im->buf);
data/tuxtype-1.8.3/src/input_methods.c:1492:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  return (unicode && wcslen(unicode) == 1 && 0x314F <= unicode[0] && unicode[0] <= 0x3163);
data/tuxtype-1.8.3/src/input_methods.c:1552:11: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:1552:52: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if((int)wcslen(im->s) < im->redraw) im->redraw = wcslen(im->s);
data/tuxtype-1.8.3/src/input_methods.c:1553:22: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wcs_lshift(im->s, (wcslen(im->s) - im->redraw) );
data/tuxtype-1.8.3/src/input_methods.c:1582:10: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(wcslen(im->buf) > 0) {
data/tuxtype-1.8.3/src/input_methods.c:1603:9: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(bp, &u, 1); /* Copy new character */
data/tuxtype-1.8.3/src/input_methods.c:1610:65: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1610:80: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L" [%8ls] [%8ls] %2d %2d\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf));
data/tuxtype-1.8.3/src/input_methods.c:1614:20: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(us && wcslen(us)) {
data/tuxtype-1.8.3/src/input_methods.c:1628:33: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(us); /* May need to re-eval next time */
data/tuxtype-1.8.3/src/input_methods.c:1676:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(us);
data/tuxtype-1.8.3/src/input_methods.c:1681:19: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if(wcslen(bp) > 0) {
data/tuxtype-1.8.3/src/input_methods.c:1687:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, bp, 1);
data/tuxtype-1.8.3/src/input_methods.c:1692:47: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  else if((size_t)cm.match_count != wcslen(bp)) {
data/tuxtype-1.8.3/src/input_methods.c:1696:15: [1] (buffer) wcsncat: Easily used incorrectly (e.g., incorrectly computing the correct maximum size to add) [MS-banned] (CWE-120). Consider strcat_s, strlcat, or automatically resizing strings.
  wcsncat(im->s, bp, 1);
data/tuxtype-1.8.3/src/input_methods.c:1707:29: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  im->redraw += wcslen(bp);
data/tuxtype-1.8.3/src/input_methods.c:1867:63: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L"* [%8ls] [%8ls] %2d %2d (%2d)\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf), im->redraw);
data/tuxtype-1.8.3/src/input_methods.c:1867:78: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wprintf(L"* [%8ls] [%8ls] %2d %2d (%2d)\n", im->s, im->buf, wcslen(im->s), wcslen(im->buf), im->redraw);
data/tuxtype-1.8.3/src/laser.c:884:18: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || (wcslen(word) == 0)
data/tuxtype-1.8.3/src/laser.c:885:18: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  || (wcslen(word) > NUM_CITIES - 1))
data/tuxtype-1.8.3/src/laser.c:891:81: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  DEBUGCODE {fprintf(stderr, "word is: %S\tlength is: %d\n", word, (int)wcslen(word));}
data/tuxtype-1.8.3/src/laser.c:894:40: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  target = rand() % (NUM_CITIES - wcslen(word) + 1);
data/tuxtype-1.8.3/src/laser.c:898:19: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < wcslen(word); i++)
data/tuxtype-1.8.3/src/laser.c:962:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 0; i < strlen(str); i++)
data/tuxtype-1.8.3/src/loaders.c:251:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(svgfn, datafile, dotpos - datafile);
data/tuxtype-1.8.3/src/mysetenv.c:27:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t namelen = strlen(name);
data/tuxtype-1.8.3/src/mysetenv.c:28:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  size_t valuelen = (value==NULL ? 0 : strlen(value));
data/tuxtype-1.8.3/src/options.c:42:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_font_name, DEFAULT_FONT_NAME, FNLEN);
data/tuxtype-1.8.3/src/options.c:43:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_locale_name, DEFAULT_LOCALE, FNLEN);
data/tuxtype-1.8.3/src/playgame.c:570:6: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wcslen(fish_object[f].word) > tux_object.wordlen)
data/tuxtype-1.8.3/src/playgame.c:573:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i=0; i < wcslen(fish_object[f].word); i++)
data/tuxtype-1.8.3/src/playgame.c:574:112: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (fish_object[f].word[i] != tux_object.word[tux_object.wordlen - wcslen(fish_object[f].word) + i])
data/tuxtype-1.8.3/src/playgame.c:801:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needed_places = strlen(numnuts);
data/tuxtype-1.8.3/src/playgame.c:845:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  needed_places = strlen(numnuts);
data/tuxtype-1.8.3/src/playgame.c:1041:9: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  while(wcslen(new_word) > max_length);
data/tuxtype-1.8.3/src/playgame.c:1053:31: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fish_object[*fishies].len = wcslen(new_word); //using wchar_t[] now
data/tuxtype-1.8.3/src/playgame.c:1095:50: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  fprintf(stderr, "Byte length is: %d\n", (int)wcslen(fish_object[*fishies].word));
data/tuxtype-1.8.3/src/playgame.c:1293:18: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int length = wcslen(fish_object[which].word);
data/tuxtype-1.8.3/src/practice.c:155:8: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && wcslen(pphrase) > 0)
data/tuxtype-1.8.3/src/practice.c:157:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(phrases[0], pphrase, MAX_PHRASE_LENGTH);
data/tuxtype-1.8.3/src/practice.c:227:11: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(buf, &phrases[cur_phrase][prev_wrap], wrap_pt + 1);
data/tuxtype-1.8.3/src/practice.c:253:11: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(buf, &phrases[cur_phrase][prev_wrap], cursor - prev_wrap);
data/tuxtype-1.8.3/src/practice.c:740:25: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (cursor == wcslen(phrases[cur_phrase]))
data/tuxtype-1.8.3/src/practice.c:1301:16: [1] (buffer) wcslen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  phr_length = wcslen(wstr);
data/tuxtype-1.8.3/src/practice.c:1331:5: [1] (buffer) wcsncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  wcsncpy(buf, wstr, MAX_PHRASE_LENGTH);
data/tuxtype-1.8.3/src/scandir.c:206:12: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(dirname);
data/tuxtype-1.8.3/src/scandir.c:252:60: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  selectDir=(struct dirent*)malloc(sizeof(struct dirent)+strlen(find.cFileName));
data/tuxtype-1.8.3/src/scripting.c:519:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (start=0; start<strlen(in) && in[start] != '"'; start++); // find the first "
data/tuxtype-1.8.3/src/scripting.c:521:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (start >= strlen(in)) return 0; // return null string if no " found
data/tuxtype-1.8.3/src/scripting.c:525:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (finish=start; finish<strlen(in) && in[finish] != '"'; finish++); // find the next "
data/tuxtype-1.8.3/src/scripting.c:527:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (finish >= strlen(in)) return 0; // return null string if no " found
data/tuxtype-1.8.3/src/scripting.c:572:10: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if ((strlen(col)==7) && (col[0] == '#')) {
data/tuxtype-1.8.3/src/scripting.c:629:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for ( tmpStr = str; strlen(tmpStr) >= 3 && !found; tmpStr++ )
data/tuxtype-1.8.3/src/scripting.c:650:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(tmpStr) > 0)
data/tuxtype-1.8.3/src/scripting.c:653:21: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(str, tmpStr, strlen(tmpStr));
data/tuxtype-1.8.3/src/scripting.c:653:42: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  strncpy(str, tmpStr, strlen(tmpStr));
data/tuxtype-1.8.3/src/scripting.c:654:25: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  str[strlen(tmpStr)] = '\0';
data/tuxtype-1.8.3/src/scripting.c:690:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 7; i < strlen(str) && str[i] != '>'; i++)
data/tuxtype-1.8.3/src/scripting.c:727:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 5; i < strlen(str) && str[i]!='>'; i++)
data/tuxtype-1.8.3/src/scripting.c:765:21: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 5; i<strlen(str) && str[i]!='>'; i++)
data/tuxtype-1.8.3/src/scripting.c:774:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(t)>=1)
data/tuxtype-1.8.3/src/scripting.c:802:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (start = 5; start < strlen(str) - 5 && str[start] != '>'; start++);
data/tuxtype-1.8.3/src/scripting.c:806:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (finish = strlen(str) - 6; finish > 5; finish--)
data/tuxtype-1.8.3/src/scripting.c:815:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(curItem->data, &str[start], finish - start + 1);
data/tuxtype-1.8.3/src/scripting.c:853:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 5; i < strlen(str); i++)
data/tuxtype-1.8.3/src/scripting.c:871:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(t) >= 1)
data/tuxtype-1.8.3/src/scripting.c:915:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 6; i < strlen(str); i++)
data/tuxtype-1.8.3/src/scripting.c:947:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i =5 ; i < strlen(str); i++)
data/tuxtype-1.8.3/src/scripting.c:956:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(t) >= 1)
data/tuxtype-1.8.3/src/scripting.c:990:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (i = 5; i < strlen(str) && str[i] != '>'; i++)
data/tuxtype-1.8.3/src/scripting.c:1002:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(t) >= 1)
data/tuxtype-1.8.3/src/scripting.c:1023:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (start = 5; start < strlen(str) - 5 && str[start] != '>'; start++);
data/tuxtype-1.8.3/src/scripting.c:1027:23: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (finish = strlen(str) - 6; finish > 5; finish--)
data/tuxtype-1.8.3/src/scripting.c:1036:11: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(curItem->data, &str[start], finish - start + 1);
data/tuxtype-1.8.3/src/scripting.c:1308:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(tmp, &curItem->data[shown], FNLEN - 1);
data/tuxtype-1.8.3/src/scripting.c:1310:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tmp[strlen(curItem->data) - shown] = 0;
data/tuxtype-1.8.3/src/scripting.c:1312:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (toshow = strlen(&curItem->data[shown]); !ok; toshow--)
data/tuxtype-1.8.3/src/scripting.c:1371:32: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  } while (shown + 1 < strlen(curItem->data));
data/tuxtype-1.8.3/src/scripting.c:1651:44: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  const char* ending = &xml_dirent->d_name[strlen(xml_dirent->d_name) - 4];
data/tuxtype-1.8.3/src/setup.c:310:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.lang, value, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:346:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_font_name, value, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:352:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_locale_name, value, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:454:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.default_data_path, DATA_PREFIX, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:479:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_data_path, full_theme_path, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:485:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_name, theme_dir, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:489:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_font_name, DEFAULT_FONT_NAME, FNLEN);
data/tuxtype-1.8.3/src/setup.c:504:7: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(settings.theme_name, "");
data/tuxtype-1.8.3/src/setup.c:505:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_font_name, DEFAULT_FONT_NAME, FNLEN);
data/tuxtype-1.8.3/src/setup.c:506:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_locale_name, DEFAULT_LOCALE, FNLEN);
data/tuxtype-1.8.3/src/setup.c:513:5: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character.
  strcpy(settings.theme_name, "");
data/tuxtype-1.8.3/src/setup.c:514:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_font_name, DEFAULT_FONT_NAME, FNLEN);
data/tuxtype-1.8.3/src/setup.c:515:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_locale_name, DEFAULT_LOCALE, FNLEN);
data/tuxtype-1.8.3/src/setup.c:526:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.var_data_path, VAR_PREFIX, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:540:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.global_settings_path, CONF_PREFIX, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:561:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.user_settings_path, fn, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:574:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.user_settings_path, fn, FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:583:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(settings.user_settings_path, "userdata", FNLEN - 1);
data/tuxtype-1.8.3/src/setup.c:589:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(settings.user_settings_path, "/tmp", FNLEN - 1);
data/tuxtype-1.8.3/src/theme.c:69:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(old_theme_path, settings.theme_data_path, FNLEN - 1);
data/tuxtype-1.8.3/src/theme.c:99:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( themeNames[themes], themesFile->d_name, FNLEN-1);
data/tuxtype-1.8.3/src/theme.c:102:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy( themePaths[themes++], themesFile->d_name, FNLEN-1 );
data/tuxtype-1.8.3/src/theme.c:214:13: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(settings.theme_data_path, old_theme_path, FNLEN - 1);
data/tuxtype-1.8.3/src/titlescreen.c:1274:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(wordsFile->d_name) < 5)
data/tuxtype-1.8.3/src/titlescreen.c:1277:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(&wordsFile->d_name[strlen(wordsFile->d_name) -4 ],".txt"))
data/tuxtype-1.8.3/src/titlescreen.c:1292:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wordlistName[lists][strlen(wordlistName[lists]) - 1] == '\r')
data/tuxtype-1.8.3/src/titlescreen.c:1293:27: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wordlistName[lists][strlen(wordlistName[lists]) - 1] = '\0';
data/tuxtype-1.8.3/src/titlescreen.c:1329:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(wordsFile->d_name) < 5)
data/tuxtype-1.8.3/src/titlescreen.c:1332:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(&wordsFile->d_name[strlen(wordsFile->d_name) -4 ],".txt"))
data/tuxtype-1.8.3/src/titlescreen.c:1347:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wordlistName[lists][strlen(wordlistName[lists]) - 1] == '\r')
data/tuxtype-1.8.3/src/titlescreen.c:1348:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wordlistName[lists][strlen(wordlistName[lists]) - 1] = '\0';
data/tuxtype-1.8.3/src/titlescreen.c:1383:11: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(wordsFile->d_name) < 5)
data/tuxtype-1.8.3/src/titlescreen.c:1386:37: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strcmp(&wordsFile->d_name[strlen(wordsFile->d_name) -4 ],".txt"))
data/tuxtype-1.8.3/src/titlescreen.c:1401:31: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (wordlistName[lists][strlen(wordlistName[lists]) - 1] == '\r')
data/tuxtype-1.8.3/src/titlescreen.c:1402:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  wordlistName[lists][strlen(wordlistName[lists]) - 1] = '\0';

ANALYSIS SUMMARY:

Hits = 540
Lines analyzed = 18904 in approximately 0.58 seconds (32351 lines/second)
Physical Source Lines of Code (SLOC) = 12311
Hits@level = [0] 437 [1] 186 [2] 274 [3] 5 [4] 75 [5] 0
Hits@level+ = [0+] 977 [1+] 540 [2+] 354 [3+] 80 [4+] 75 [5+] 0
Hits/KSLOC@level+ = [0+] 79.3599 [1+] 43.8632 [2+] 28.7548 [3+] 6.49825 [4+] 6.09211 [5+] 0
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.