Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223

FINAL RESULTS:

data/virtualjaguar-2.1.3/src/eeprom.cpp:98:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(eeprom_filename, "%s%08X.eeprom", vjs.EEPROMPath, (unsigned int)jaguarMainROMCRC32);
data/virtualjaguar-2.1.3/src/eeprom.cpp:99:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(cdromEEPROMFilename, "%scdrom.eeprom", vjs.EEPROMPath);
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:106:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.EEPROMPath, CheckForTrailingSlash(
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:108:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.ROMPath, CheckForTrailingSlash(
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:120:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.alpineROMPath, alpineTab->edit1->text().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/configdialog.cpp:121:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.absROMPath, alpineTab->edit2->text().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:75:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string, "%06X: %s<br>", oldpc, buffer);
data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:87:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, singleCharString);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:66:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string, "%s%06X: ", (i != 0 ? "<br>" : ""), memBase + i);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:71:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(string, buf);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:75:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(string, buf);
data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:88:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120).
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(string, buf);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:148:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "<br>%06X: %08X %08X %s -> %06X", address, hi, lo, opType[objectType], link);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:155:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, " YPOS %s %u", ccType[cc], ypos);
data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:231:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, " [%u x %u @ (%i, %u) (iw:%u, dw:%u) (%u bpp), p:%06X fp:%02X, fl:%s%s%s%s, idx:%02X, pt:%02X]<br>",
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:76:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(string, "%06X: %s<br>", oldpc, buffer);
data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:88:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buffer, singleCharString);
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:88:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.jagBootPath, settings.value("JagBootROM", "./bios/[BIOS] Atari Jaguar (USA, Europe).zip").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:89:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120).
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.CDBootPath, settings.value("CDBootROM", "./bios/jagcd.rom").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:90:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.EEPROMPath, settings.value("EEPROMs", "./eeproms").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/generaltab.cpp:91:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.ROMPath, settings.value("ROMs", "./software").toString().toAscii().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1192:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.EEPROMPath, settings.value("EEPROMs", QStandardPaths::writableLocation(QStandardPaths::DataLocation).append("/eeproms/")).toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1193:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.ROMPath, settings.value("ROMs", QStandardPaths::writableLocation(QStandardPaths::DataLocation).append("/software/")).toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1194:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.alpineROMPath, settings.value("DefaultROM", "").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1195:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(vjs.absROMPath, settings.value("DefaultABS", "").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/profile.cpp:100:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(deviceNames[i], set->value("deviceName").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/gui/profile.cpp:116:3: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(profile[i].mapName, set->value("mapName").toString().toUtf8().data());
data/virtualjaguar-2.1.3/src/jagdasm.cpp:124:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case 31: sprintf(buffer, "CMPQ %s,R%02d", signed_16bit((int16_t)(reg1 << 11) >> 11), reg2);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:161:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case 52: sprintf(buffer, "JUMP %s(R%02d)", condition[reg2], reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:162:12: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  case 53: sprintf(buffer, "JR %s$%X", condition[reg2], pc + ((int8_t)(reg1 << 3) >> 2)); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:177:7: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant.
  sprintf(buffer, (reg1 ? "UNPACK R%02d" : "PACK R%02d"), reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:184:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(bufferOut,"%-24s (%04X)", buffer, op);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:187:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(bufferOut, "%04X %-24s", op, buffer);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:191:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(bufferOut, "%04X %04X %04X %-24s", op, word1, word2, buffer);
data/virtualjaguar-2.1.3/src/log.cpp:68:13: [4] (format) vfprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  logSize += vfprintf(log_stream, text, arg);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:114:9: [4] (buffer) fscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function.
  while (fscanf (file, "%lx: %lu %s\n", &opcode, &count, name) == 3) {
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:695:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (unsstr, usstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:697:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (sstr, vstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:698:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (dstr, vstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:699:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (vstr, value);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:701:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (dstr, dst);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:703:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (sstr, src);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:706:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (udstr, usstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:707:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (udstr, dst);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:709:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (usstr, src);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:712:5: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy (undstr, unsstr);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:715:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (undstr, dst);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:717:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat (unsstr, src);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:107:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer,"(%s%c%d.%c*%d+%ld)+%ld == $%lX", name,
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:167:4: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buffer,"(%s%c%d.%c*%d+%ld)+%ld == $%lX", name,
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:239:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(buf, buffer);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:280:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:285:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:309:4: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:314:5: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(output, buf);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:349:2: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(instrname, lookup->name);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:355:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(f, "%s", instrname);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:356:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:381:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(f, "%s, $%lX", src, (long)newpc);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:383:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(f, "%s, %s", dst, src);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:385:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(f, "%s%s%s", src, (dp->suse && dp->duse ? ", " : ""), dst);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:387:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:391:3: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(f, " (%s)", (cctrue(dp->cc) ? "true" : "false"));
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:392:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(str, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:405:3: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(output, f);
data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:408:2: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(output, str);
data/virtualjaguar-2.1.3/src/memtrack.cpp:51:2: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(mtFilename, "%s%s", vjs.EEPROMPath, MEMTRACK_FILENAME);
data/virtualjaguar-2.1.3/src/jaguar.cpp:1921:2: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(NULL));
data/virtualjaguar-2.1.3/src/m68000/sysdeps.h:64:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random rand
data/virtualjaguar-2.1.3/src/blitter.cpp:1481:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * ctrlStr[4] = { "XADDPHR\0", "XADDPIX\0", "XADD0\0", "XADDINC\0" };
data/virtualjaguar-2.1.3/src/blitter.cpp:1482:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * bppStr[8] = { "1bpp\0", "2bpp\0", "4bpp\0", "8bpp\0", "16bpp\0", "32bpp\0", "???\0", "!!!\0" };
data/virtualjaguar-2.1.3/src/blitter.cpp:1483:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * opStr[16] = { "LFU_CLEAR", "LFU_NSAND", "LFU_NSAD", "LFU_NOTS", "LFU_SAND", "LFU_NOTD", "LFU_N_SXORD", "LFU_NSORND",
data/virtualjaguar-2.1.3/src/blitter.cpp:1780:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * opStr[16] = { "LFU_CLEAR", "LFU_NSAND", "LFU_NSAD", "LFU_NOTS", "LFU_SAND", "LFU_NOTD", "LFU_N_SXORD", "LFU_NSORND",
data/virtualjaguar-2.1.3/src/blitter.cpp:2851:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char zfs[512], lfus[512];
data/virtualjaguar-2.1.3/src/blitter.cpp:2854:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(zfs, " ZMODE=%X", zmode);
data/virtualjaguar-2.1.3/src/blitter.cpp:2856:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(lfus, " LFUFUNC=%X", lfufunc);
data/virtualjaguar-2.1.3/src/blitter.cpp:3063:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char x_add_str[4][4] = { "phr", "1", "0", "inc" };
data/virtualjaguar-2.1.3/src/cdrom.cpp:190:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * BReg[12] = { "BUTCH", "DSCNTRL", "DS_DATA", "???", "I2CNTRL",
data/virtualjaguar-2.1.3/src/dsp.cpp:368:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120).
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  const char * dsp_opcode_str[65]=
data/virtualjaguar-2.1.3/src/dsp.cpp:1094:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dsp_ram_8, ram1, 0x2000);
data/virtualjaguar-2.1.3/src/dsp.cpp:1095:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dsp_reg_bank_0, regs1, 32 * 4);
data/virtualjaguar-2.1.3/src/dsp.cpp:1096:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dsp_reg_bank_1, &regs1[32], 32 * 4);
data/virtualjaguar-2.1.3/src/eeprom.cpp:82:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char eeprom_filename[MAX_PATH];
data/virtualjaguar-2.1.3/src/eeprom.cpp:83:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char cdromEEPROMFilename[MAX_PATH];
data/virtualjaguar-2.1.3/src/eeprom.cpp:100:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(eeprom_filename, "rb");
data/virtualjaguar-2.1.3/src/eeprom.cpp:113:7: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  fp = fopen(cdromEEPROMFilename, "rb");
data/virtualjaguar-2.1.3/src/eeprom.cpp:146:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(eeprom_filename, "wb");
data/virtualjaguar-2.1.3/src/eeprom.cpp:161:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen(cdromEEPROMFilename, "wb");
data/virtualjaguar-2.1.3/src/file.cpp:139:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(jagMemSpace + 0x800000, buffer, jaguarROMSize);
data/virtualjaguar-2.1.3/src/file.cpp:151:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(jagMemSpace + 0x802000, buffer, jaguarROMSize);
data/virtualjaguar-2.1.3/src/file.cpp:167:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(jagMemSpace + loadAddress, buffer + 0x24, codeSize);
data/virtualjaguar-2.1.3/src/file.cpp:177:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data. memcpy(jagMemSpace + loadAddress, buffer + 0xA8, codeSize); data/virtualjaguar-2.1.3/src/file.cpp:225:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jagMemSpace + loadAddress, buffer + 0x2E, jaguarROMSize - 0x2E); data/virtualjaguar-2.1.3/src/file.cpp:249:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jagMemSpace + loadAddress, buffer + 0x20, jaguarROMSize - 0x20); data/virtualjaguar-2.1.3/src/file.cpp:288:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jagMemSpace + 0x802000, buffer, jaguarROMSize); data/virtualjaguar-2.1.3/src/file.cpp:308:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char buffer[0x10000]; data/virtualjaguar-2.1.3/src/file.cpp:358:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char ftStrings[5][32] = { "Software", "EEPROM", "Label", "Box Art", "Controller Overlay" }; data/virtualjaguar-2.1.3/src/file.cpp:360:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE * zip = fopen(zipFile, "rb"); data/virtualjaguar-2.1.3/src/file.cpp:444:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * zip = fopen(zipFile, "rb"); data/virtualjaguar-2.1.3/src/file.cpp:482:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * zip = fopen(zipFile, "rb"); data/virtualjaguar-2.1.3/src/filedb.cpp:21:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char name[128]; data/virtualjaguar-2.1.3/src/filedb.h:19:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char name[128]; data/virtualjaguar-2.1.3/src/gpu.cpp:371:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * gpu_opcode_str[64]= data/virtualjaguar-2.1.3/src/gpu.cpp:1071:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[512]; data/virtualjaguar-2.1.3/src/gpu.cpp:1307:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[512]; data/virtualjaguar-2.1.3/src/gpu.cpp:1401:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * condition[32] = data/virtualjaguar-2.1.3/src/gpu.cpp:1445:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * condition[32] = data/virtualjaguar-2.1.3/src/gui/app.cpp:340:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/gui/app.cpp:341:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char jagBootPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/gui/app.cpp:342:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char CDBootPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/gui/app.cpp:343:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char EEPROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/gui/app.cpp:344:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alpineROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/gui/app.cpp:345:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char absROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:40:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char keyName1[96][16]; data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:41:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char keyName2[64][16]; data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:42:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char hatName[4][16]; data/virtualjaguar-2.1.3/src/gui/controllerwidget.h:43:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char axisName[2][8]; data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[2048]; data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:72:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "PC: %06X SR: %04X<br><br>", m68kPC, m68kSR); data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:94:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "A0: %08X A1: %08X A2: %08X A3: %08X<br>", m68kA0, m68kA1, m68kA2, m68kA3); data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:101:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(string, "A4: %08X A5: %08X A6: %08X A7: %08X<br><br>", m68kA4, m68kA5, m68kA6, m68kA7); data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:108:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "D0: %08X D1: %08X D2: %08X D3: %08X<br>", m68kD0, m68kD1, m68kD2, m68kD3); data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:115:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "D4: %08X D5: %08X D6: %08X D7: %08X<br><br>", m68kD4, m68kD5, m68kD6, m68kD7); data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:119:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "GPU PC: %06X FLAGS: %04X SR: %04X<br><br>", GPUReadLong(0xF02110, DEBUG), GPUReadLong(0xF02100, DEBUG), GPUReadLong(0xF02114, DEBUG)); data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:144:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "Bank 0:<br>" data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:163:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "Bank 1:<br>" data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:183:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(string, "DSP PC: %06X FLAGS: %05X SR: %05X<br><br>", DSPReadLong(0xF1A110, DEBUG), DSPReadLong(0xF1A100, DEBUG), DSPReadLong(0xF1A114, DEBUG)); data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:211:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "Bank 0:<br>" data/virtualjaguar-2.1.3/src/gui/debug/cpubrowser.cpp:230:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "Bank 1:<br>" data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:64:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[1024];//, buf[64]; data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:67:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:78:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char singleCharString[2] = { 0, 0 }; data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:83:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). 
Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, " "); data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:61:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[1024], buf[64]; data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:70:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "%02X ", jaguarMainRAM[memBase + i + j]); data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:74:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "| "); data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:80:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "&#%i;", c); data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:83:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " "); data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char string[1024];//, buf[64]; data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:58:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(string, "OLP = $%X<br>", olp); data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:130:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * opType[8] = { data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:134:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * ccType[8] = { data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:138:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:174:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "***** SELF REFERENTIAL LINK *****<br>"); data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:185:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[512]; data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:187:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %08X %08X<br>", (uint32_t)(p1 >> 32), (uint32_t)(p1 & 0xFFFFFFFF)); data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:189:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %08X %08X<br>", (uint32_t)(p2 >> 32), (uint32_t)(p2 & 0xFFFFFFFF)); data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:195:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " [hsc: %02X, vsc: %02X, rem: %02X]<br>", hscale, vscale, remainder); data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:202:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[512]; data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:204:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, " %08X %08X<br>", (uint32_t)(p1 >> 32), (uint32_t)(p1 & 0xFFFFFFFF)); data/virtualjaguar-2.1.3/src/gui/debug/opbrowser.cpp:212:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char buf[512]; data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:66:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char string[1024];//, buf[64]; data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:69:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[2048]; data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:79:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char singleCharString[2] = { 0, 0 }; data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:84:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. strcat(buffer, " "); data/virtualjaguar-2.1.3/src/gui/filethread.cpp:117:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly)) data/virtualjaguar-2.1.3/src/gui/gamepad.h:52:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char padName[8][128]; data/virtualjaguar-2.1.3/src/gui/keygrabber.cpp:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jagButtonName[21][10] = { "Up", "Down", "Left", "Right", data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:382:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jagMemSpace + 0xE00000, (vjs.biosType == BT_K_SERIES ? jaguarBootROM : jaguarBootROM2), 0x20000); // Use the stock BIOS data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:409:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jagMemSpace + 0xE00000, jaguarDevBootROM2, 0x20000); // Use the stub BIOS data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:820:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t)); data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:822:6: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern2 + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t)); data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:849:4: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). 
Make sure destination can always hold the source data. memcpy(jagMemSpace + 0x800000, jaguarCDBootROM, 0x40000); data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:995:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jagMemSpace + 0xE00000, biosPointer, 0x20000); data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1028:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(jagMemSpace + 0x800000, jaguarCDBootROM, 0x40000); data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1150:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t)); data/virtualjaguar-2.1.3/src/gui/mainwin.cpp:1152:5: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(videoWidget->buffer + (y * videoWidget->textureWidth), testPattern2 + (y * VIRTUAL_SCREEN_WIDTH), VIRTUAL_SCREEN_WIDTH * sizeof(uint32_t)); data/virtualjaguar-2.1.3/src/gui/profile.cpp:51:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char deviceNames[MAX_DEVICES][128]; data/virtualjaguar-2.1.3/src/gui/profile.cpp:73:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. 
memcpy(&profileBackup, &profile, sizeof(Profile) * MAX_PROFILES); data/virtualjaguar-2.1.3/src/gui/profile.cpp:79:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(&profile, &profileBackup, sizeof(Profile) * MAX_PROFILES); data/virtualjaguar-2.1.3/src/gui/profile.cpp:92:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(deviceNames[0], "Keyboard"); data/virtualjaguar-2.1.3/src/gui/profile.cpp:142:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(profile[0].mapName, "Default"); data/virtualjaguar-2.1.3/src/gui/profile.cpp:271:3: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(profile[numberOfProfiles].mapName, "Default"); data/virtualjaguar-2.1.3/src/gui/profile.h:17:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mapName[32]; // Human readable map name data/virtualjaguar-2.1.3/src/jagdasm.cpp:28:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * condition[32] = data/virtualjaguar-2.1.3/src/jagdasm.cpp:71:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char temp[10]; data/virtualjaguar-2.1.3/src/jagdasm.cpp:74:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "-$%X", -val); data/virtualjaguar-2.1.3/src/jagdasm.cpp:76:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(temp, "$%X", val); data/virtualjaguar-2.1.3/src/jagdasm.cpp:84:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[64]; data/virtualjaguar-2.1.3/src/jagdasm.cpp:93:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 0: sprintf(buffer, "ADD R%02d,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:94:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 1: sprintf(buffer, "ADDC R%02d,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:95:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 2: sprintf(buffer, "ADDQ $%X,R%02d", convert_zero[reg1], reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:96:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 3: sprintf(buffer, "ADDQT $%X,R%02d", convert_zero[reg1], reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:97:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 4: sprintf(buffer, "SUB R%02d,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:98:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 5: sprintf(buffer, "SUBC R%02d,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:99:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 6: sprintf(buffer, "SUBQ $%X,R%02d", convert_zero[reg1], reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:100:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 7: sprintf(buffer, "SUBQT $%X,R%02d", convert_zero[reg1], reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:101:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
case 8: sprintf(buffer, "NEG R%02d", reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:102:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 9: sprintf(buffer, "AND R%02d,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:103:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 10: sprintf(buffer, "OR R%02d,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:104:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 11: sprintf(buffer, "XOR R%02d,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:105:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 12: sprintf(buffer, "NOT R%02d", reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:106:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 13: sprintf(buffer, "BTST $%X,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:107:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. case 14: sprintf(buffer, "BSET $%X,R%02d", reg1, reg2); break; data/virtualjaguar-2.1.3/src/jagdasm.cpp:108:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
  case 15: sprintf(buffer, "BCLR $%X,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:109:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 16: sprintf(buffer, "MULT R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:110:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 17: sprintf(buffer, "IMULT R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:111:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 18: sprintf(buffer, "IMULTN R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:112:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 19: sprintf(buffer, "RESMAC R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:113:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 20: sprintf(buffer, "IMACN R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:114:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 21: sprintf(buffer, "DIV R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:115:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 22: sprintf(buffer, "ABS R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:116:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 23: sprintf(buffer, "SH R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:117:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 24: sprintf(buffer, "SHLQ $%X,R%02d", 32 - reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:118:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 25: sprintf(buffer, "SHRQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:119:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 26: sprintf(buffer, "SHA R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:120:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 27: sprintf(buffer, "SHARQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:121:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 28: sprintf(buffer, "ROR R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:122:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 29: sprintf(buffer, "RORQ $%X,R%02d", convert_zero[reg1], reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:123:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 30: sprintf(buffer, "CMP R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:126:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "SAT8 R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:128:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "SUBQMOD $%X,R%02d", convert_zero[reg1], reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:131:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "SAT16 R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:133:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "SAT16S R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:135:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 34: sprintf(buffer, "MOVE R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:136:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 35: sprintf(buffer, "MOVEQ %d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:137:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 36: sprintf(buffer, "MOVETA R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:138:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 37: sprintf(buffer, "MOVEFA R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:139:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 38: sprintf(buffer, "MOVEI #$%X,R%02d", ROPCODE(pc) | (ROPCODE(pc+2)<<16), reg2); size = 6; break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:140:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 39: sprintf(buffer, "LOADB (R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:141:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 40: sprintf(buffer, "LOADW (R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:142:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 41: sprintf(buffer, "LOAD (R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:144:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "LOADP (R%02d),R%02d", reg1, reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:146:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "SAT32S R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:148:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 43: sprintf(buffer, "LOAD (R14+$%X),R%02d", convert_zero[reg1]*4, reg2);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:149:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 44: sprintf(buffer, "LOAD (R15+$%X),R%02d", convert_zero[reg1]*4, reg2);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:150:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 45: sprintf(buffer, "STOREB R%02d,(R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:151:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 46: sprintf(buffer, "STOREW R%02d,(R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:152:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 47: sprintf(buffer, "STORE R%02d,(R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:154:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "STOREP R%02d,(R%02d)", reg2, reg1);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:156:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "MIRROR R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:158:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 49: sprintf(buffer, "STORE R%02d,(R14+$%X)", reg2, convert_zero[reg1]*4);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:159:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 50: sprintf(buffer, "STORE R%02d,(R15+$%X)", reg2, convert_zero[reg1]*4);break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:160:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 51: sprintf(buffer, "MOVE PC,R%02d", reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:163:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 54: sprintf(buffer, "MMULT R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:164:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 55: sprintf(buffer, "MTOI R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:165:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 56: sprintf(buffer, "NORMI R%02d,R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:166:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 57: sprintf(buffer, "NOP"); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:167:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 58: sprintf(buffer, "LOAD (R14+R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:168:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 59: sprintf(buffer, "LOAD (R15+R%02d),R%02d", reg1, reg2); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:169:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 60: sprintf(buffer, "STORE R%02d,(R14+R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:170:12: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  case 61: sprintf(buffer, "STORE R%02d,(R15+R%02d)", reg2, reg1); break;
data/virtualjaguar-2.1.3/src/jagdasm.cpp:172:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "SAT24 R%02d", reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:174:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "illegal [%d,%d]", reg1, reg2);
data/virtualjaguar-2.1.3/src/jagdasm.cpp:179:7: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "ADDQMOD $%X,R%02d", convert_zero[reg1], reg2);
data/virtualjaguar-2.1.3/src/jaguar.cpp:156:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2048];
data/virtualjaguar-2.1.3/src/jaguar.cpp:190:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2048];
data/virtualjaguar-2.1.3/src/jaguar.cpp:921:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/virtualjaguar-2.1.3/src/jaguar.cpp:1617:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[2048];//, mem[64];
data/virtualjaguar-2.1.3/src/jaguar.cpp:1972:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(jaguarMainRAM, jagMemSpace + 0xE00000, 8);
data/virtualjaguar-2.1.3/src/jaguar.cpp:1980:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(jaguarMainRAM, jagMemSpace + 0xE00000, 8);
data/virtualjaguar-2.1.3/src/jaguar.cpp:2149:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE * fp = fopen("./memdump.bin", "wb");
data/virtualjaguar-2.1.3/src/jerry.cpp:367:2: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(&jerry_ram_8[0xD000], waveTableROM, 0x1000);
data/virtualjaguar-2.1.3/src/log.cpp:34:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  log_stream = fopen(path, "w");
data/virtualjaguar-2.1.3/src/m68000/build68k.c:75:11: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  tablef = fopen("table68k","r");
data/virtualjaguar-2.1.3/src/m68000/build68k.c:90:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char patbits[16];
data/virtualjaguar-2.1.3/src/m68000/build68k.c:91:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char opcstr[256];
data/virtualjaguar-2.1.3/src/m68000/cpuextra.c:156:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char excNames[33][64] = {
data/virtualjaguar-2.1.3/src/m68000/cpuextra.c:179:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[128];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:87:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char exactCpuCycles[256]; /* Space to store return string for exact cpu cycles */
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:105:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[20];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:109:12: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  file = fopen ("frequent.68k", "r");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:138:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char endlabelstr[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:195:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:202:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "get_ilong_prefetch(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:204:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "get_ilong(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:210:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:217:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "get_iword_prefetch(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:219:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "get_iword(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:225:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buffer[80];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:232:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "get_ibyte_prefetch(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:234:2: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "get_ibyte(%d)", r);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:568:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char getcode[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:573:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (getcode, "m68k_read_memory_32(srca)");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:575:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (getcode, "(int32_t)(int16_t)m68k_read_memory_16(srca)");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:605:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:610:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char putcode[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:615:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (putcode, "m68k_write_memory_32(srca,");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:617:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (putcode, "m68k_write_memory_16(srca,");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:656:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:675:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char vstr[100], sstr[100], dstr[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:676:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char usstr[100], udstr[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:677:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char unsstr[100], undstr[100];
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:681:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (vstr, "((int8_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:682:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (usstr, "((uint8_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:685:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (vstr, "((int16_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:686:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (usstr, "((uint16_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:689:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (vstr, "((int32_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:690:2: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy (usstr, "((uint32_t)(");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:700:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (vstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:702:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (dstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:704:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (sstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:708:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (udstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:710:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (usstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:716:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (undstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:718:5: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string.
  strcat (unsstr, "))");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1675:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1695:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(exactCpuCycles," return (%i+retcycles);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1708:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(exactCpuCycles," return (%i+retcycles*2);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1722:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(exactCpuCycles," return (%i+retcycles*2);", insn_n_cycles);
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1796:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(exactCpuCycles," return (8+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1798:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(exactCpuCycles," return (6+retcycles*2);");
data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1837:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
strcpy(exactCpuCycles," return (8+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1839:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (6+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1871:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (8+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1873:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (6+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1906:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (8+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1908:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (6+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1938:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). 
Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (8+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1940:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (6+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1970:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (8+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:1972:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (6+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2005:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (8+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2007:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. 
strcpy(exactCpuCycles," return (6+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2043:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (8+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2045:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(exactCpuCycles," return (6+retcycles*2);"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2651:6: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char source[100]; data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2655:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (source, "((opcode >> %d) & %d)", pos, smsk); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2657:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (source, "(opcode & %d)", smsk); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2694:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf (endlabelstr, "endlabel%d", endlabelno); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2800:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). headerfile = fopen("cputbl.h", "wb"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2801:13: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). stblfile = fopen("cpustbl.c", "wb"); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[80]; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:56:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"D%d", reg); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:59:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"A%d", reg); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:62:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"(A%d)", reg); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:65:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. 
Risk is low because the source has a constant maximum length. sprintf(buffer,"(A%d)+", reg); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:68:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"-(A%d)", reg); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:73:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"(A%d,$%X) == $%lX", reg, disp16 & 0xFFFF, data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:91:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10]; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:92:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (name,"A%d, ",reg); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:115:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (buffer,"(A%d, %c%d.%c*%d, $%X) == $%lX", reg, data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:124:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"(PC, $%X) == $%lX", disp16 & 0xFFFF, (unsigned long)addr); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:142:4: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[10]; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:143:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf (name,"PC, "); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:174:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"(PC, %c%d.%c*%d, $%X) == $%lX", dp & 0x8000 ? 'A' : 'D', data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:180:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"$%lX", (unsigned long)(int32_t)(int16_t)get_iword_1(m68kpc_offset)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:184:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"$%lX", (unsigned long)get_ilong_1(m68kpc_offset)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:191:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"#$%X", (unsigned int)(get_iword_1(m68kpc_offset) & 0xFF)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:195:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(buffer,"#$%X", (unsigned int)(get_iword_1(m68kpc_offset) & 0xFFFF)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:199:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"#$%lX", (unsigned long)(get_ilong_1(m68kpc_offset))); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:209:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"#$%X", (unsigned int)(offset & 0xFF)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:220:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"#$%X", (unsigned int)(offset & 0xFFFF)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:226:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"#$%lX", (unsigned long)(offset & 0xFFFFFFFF)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:230:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer,"#$%lX", (unsigned long)(offset & 0xFFFFFFFF)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:255:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[16]; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:279:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). 
Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "D%d", first); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:284:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "-D%d", first + runLength); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:308:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "A%d", first); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:313:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buf, "-A%d", first + runLength); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:323:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char f[256], str[256]; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:324:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char src[256], dst[256]; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:335:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
char instrname[20]; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:360:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case sz_byte: strcat(str, ".B\t"); break; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:361:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case sz_word: strcat(str, ".W\t"); break; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:362:16: [2] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant string. case sz_long: strcat(str, ".L\t"); break; data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:379:3: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(f, "$%lX", (long)newpc); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:401:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(f, "%04X ", get_iword_1(pcOffsetSave + opwords * 2)); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:403:4: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. 
sprintf(f, " "); data/virtualjaguar-2.1.3/src/m68000/m68kinterface.c:93:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[2048];//, mem[64]; data/virtualjaguar-2.1.3/src/m68000/readcpu.c:269:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mnemonic[10]; data/virtualjaguar-2.1.3/src/m68000/readcpu.h:76:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char bitpos[16]; data/virtualjaguar-2.1.3/src/m68000/sysdeps.h:61:9: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. #define memcpy q_memcpy data/virtualjaguar-2.1.3/src/m68000/sysdeps.h:65:20: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). #define creat(x,y) open("T:creat",O_CREAT|O_RDWR|O_TRUNC,777) data/virtualjaguar-2.1.3/src/memory.cpp:105:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
union u {unsigned long vi; unsigned char c[sizeof(unsigned long)];}; data/virtualjaguar-2.1.3/src/memory.cpp:106:40: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. union v {unsigned long ni; unsigned char d[sizeof(unsigned long)];}; data/virtualjaguar-2.1.3/src/memory.cpp:269:7: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. const char * whoName[10] = data/virtualjaguar-2.1.3/src/memory.h:69:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern const char * whoName[10]; data/virtualjaguar-2.1.3/src/memtrack.cpp:42:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mtFilename[MAX_PATH]; data/virtualjaguar-2.1.3/src/memtrack.cpp:52:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). 
FILE * fp = fopen(mtFilename, "rb"); data/virtualjaguar-2.1.3/src/memtrack.cpp:85:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). FILE * fp = fopen(mtFilename, "wb"); data/virtualjaguar-2.1.3/src/op.cpp:141:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * opType[8] = data/virtualjaguar-2.1.3/src/op.cpp:143:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * ccType[8] = data/virtualjaguar-2.1.3/src/settings.h:50:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/settings.h:51:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char jagBootPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/settings.h:52:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). 
Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char CDBootPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/settings.h:53:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char EEPROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/settings.h:54:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char alpineROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/settings.h:55:2: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char absROMPath[MAX_PATH]; data/virtualjaguar-2.1.3/src/tom.cpp:362:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static const char * videoMode_to_str[8] = data/virtualjaguar-2.1.3/src/universalhdr.cpp:17:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. 
unsigned char universalCartHeader[0x2000] = { data/virtualjaguar-2.1.3/src/unzip.cpp:87:11: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char inBuffer[CHUNKSIZE]; data/virtualjaguar-2.1.3/src/wavetable.cpp:20:20: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. /*const*/ unsigned char waveTableROM[4096] = data/virtualjaguar-2.1.3/src/gui/controllertab.cpp:225:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(profile[profileNum].mapName, text.toUtf8().data(), 31); data/virtualjaguar-2.1.3/src/gui/debug/m68kdasmbrowser.cpp:80:18: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(int j=0; j<strlen(string); j++) data/virtualjaguar-2.1.3/src/gui/debug/memorybrowser.cpp:86:5: [1] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source is a constant character. sprintf(buf, "."); data/virtualjaguar-2.1.3/src/gui/debug/riscdasmbrowser.cpp:81:19: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for(uint j=0; j<strlen(string); j++) data/virtualjaguar-2.1.3/src/gui/filethread.cpp:126:8: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
file.read((char *)buffer, fileSize); data/virtualjaguar-2.1.3/src/gui/gamepad.cpp:58:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(padName[i], SDL_JoystickName(i), 127); data/virtualjaguar-2.1.3/src/gui/profile.cpp:243:2: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(deviceNames[deviceNum], name, 127); data/virtualjaguar-2.1.3/src/jaguar.cpp:471:56: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). Note that we only have to be concerned with 3 entities read/writing anything: data/virtualjaguar-2.1.3/src/m68000/build68k.c:28:12: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nextch = fgetc(tablef); data/virtualjaguar-2.1.3/src/m68000/build68k.c:34:14: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). nextch = fgetc(tablef); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:713:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (unsstr, "-"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:714:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat (undstr, "~"); data/virtualjaguar-2.1.3/src/m68000/gencpu.c:2705:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
if (strlen(exactCpuCycles) > 0) data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:277:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(output, "/"); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:306:5: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(output, "/"); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:353:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(ccpt, ccnames[dp->cc], 2); data/virtualjaguar-2.1.3/src/m68000/m68kdasm.c:363:11: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. default: strcat(str, "\t"); break; data/virtualjaguar-2.1.3/src/m68000/readcpu.c:893:9: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). if (strlen(lookuptab[find].name) == 0) data/virtualjaguar-2.1.3/src/m68000/readcpu.c:956:12: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. 
static int mismatch; data/virtualjaguar-2.1.3/src/m68000/readcpu.c:1121:9: [1] (buffer) mismatch: Function does not check the second iterator for over-read conditions (CWE-126). This function is often discouraged by most C++ coding standards in favor of its safer alternatives provided since C++14. Consider using a form of this function that checks the second iterator before potentially overflowing it. return mismatch; data/virtualjaguar-2.1.3/src/unzip.cpp:27:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint32_t n = ((uint32_t)fgetc(fp)); data/virtualjaguar-2.1.3/src/unzip.cpp:28:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n |= ((uint32_t)fgetc(fp)) << 8; data/virtualjaguar-2.1.3/src/unzip.cpp:29:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n |= ((uint32_t)fgetc(fp)) << 16; data/virtualjaguar-2.1.3/src/unzip.cpp:30:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n |= ((uint32_t)fgetc(fp)) << 24; data/virtualjaguar-2.1.3/src/unzip.cpp:38:26: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). uint16_t n = ((uint16_t)fgetc(fp)); data/virtualjaguar-2.1.3/src/unzip.cpp:39:18: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). 
n |= ((uint16_t)fgetc(fp)) << 8;

ANALYSIS SUMMARY:

Hits = 409
Lines analyzed = 73900 in approximately 9.69 seconds (7623 lines/second)
Physical Source Lines of Code (SLOC) = 56129
Hits@level = [0] 802 [1] 26 [2] 314 [3] 2 [4] 67 [5] 0
Hits@level+ = [0+] 1211 [1+] 409 [2+] 383 [3+] 69 [4+] 67 [5+] 0
Hits/KSLOC@level+ = [0+] 21.5753 [1+] 7.28679 [2+] 6.82357 [3+] 1.22931 [4+] 1.19368 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1

Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.