Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yabause-0.9.14/src/vdp2.c
Examining data/yabause-0.9.14/src/sndal.h
Examining data/yabause-0.9.14/src/vdp1.h
Examining data/yabause-0.9.14/src/yabause.c
Examining data/yabause-0.9.14/src/m68kd.c
Examining data/yabause-0.9.14/src/m68kd.h
Examining data/yabause-0.9.14/src/titan/titan.c
Examining data/yabause-0.9.14/src/titan/titan.h
Examining data/yabause-0.9.14/src/font.h
Examining data/yabause-0.9.14/src/scsp2.h
Examining data/yabause-0.9.14/src/snddx.c
Examining data/yabause-0.9.14/src/sh2iasm.h
Examining data/yabause-0.9.14/src/screen.h
Examining data/yabause-0.9.14/src/m68kc68k.c
Examining data/yabause-0.9.14/src/yui.h
Examining data/yabause-0.9.14/src/cs1.c
Examining data/yabause-0.9.14/src/vidshared.c
Examining data/yabause-0.9.14/src/sndsdl.h
Examining data/yabause-0.9.14/src/sock-windows.c
Examining data/yabause-0.9.14/src/profile.c
Examining data/yabause-0.9.14/src/debug.c
Examining data/yabause-0.9.14/src/netlink.h
Examining data/yabause-0.9.14/src/scsp.c
Examining data/yabause-0.9.14/src/sh2trace.h
Examining data/yabause-0.9.14/src/sndmac.h
Examining data/yabause-0.9.14/src/memory.h
Examining data/yabause-0.9.14/src/sock-dummy.c
Examining data/yabause-0.9.14/src/c68k/c68k.h
Examining data/yabause-0.9.14/src/c68k/gen68k.h
Examining data/yabause-0.9.14/src/c68k/c68kexec.c
Examining data/yabause-0.9.14/src/c68k/gen68k.c
Examining data/yabause-0.9.14/src/c68k/c68k.c
Examining data/yabause-0.9.14/src/android/jni/sndaudiotrack.c
Examining data/yabause-0.9.14/src/android/jni/yui.c
Examining data/yabause-0.9.14/src/android/jni/miniegl.h
Examining data/yabause-0.9.14/src/android/jni/sndaudiotrack.h
Examining data/yabause-0.9.14/src/sh2iasm.c
Examining data/yabause-0.9.14/src/sndal.c
Examining data/yabause-0.9.14/src/perdx.c
Examining data/yabause-0.9.14/src/vidogl.c
Examining data/yabause-0.9.14/src/smpc.h
Examining data/yabause-0.9.14/src/yabause.h
Examining data/yabause-0.9.14/src/scu.c
Examining data/yabause-0.9.14/src/perlinuxjoy.c
Examining data/yabause-0.9.14/src/cheat.h
Examining data/yabause-0.9.14/src/persdljoy.c
Examining data/yabause-0.9.14/src/cd-freebsd.c
Examining data/yabause-0.9.14/src/peripheral.c
Examining data/yabause-0.9.14/src/cd-macosx.c
Examining data/yabause-0.9.14/src/thr-linux.c
Examining data/yabause-0.9.14/src/dreamcast/viddc.h
Examining data/yabause-0.9.14/src/dreamcast/localtime.h
Examining data/yabause-0.9.14/src/dreamcast/localtime.c
Examining data/yabause-0.9.14/src/dreamcast/viddc.c
Examining data/yabause-0.9.14/src/dreamcast/perdc.c
Examining data/yabause-0.9.14/src/dreamcast/perdc.h
Examining data/yabause-0.9.14/src/dreamcast/yui.c
Examining data/yabause-0.9.14/src/dreamcast/sh2rec/sh2rec_htab.c
Examining data/yabause-0.9.14/src/dreamcast/sh2rec/sh2rec_mem.c
Examining data/yabause-0.9.14/src/dreamcast/sh2rec/sh2rec_htab.h
Examining data/yabause-0.9.14/src/dreamcast/sh2rec/sh2rec_mem.h
Examining data/yabause-0.9.14/src/dreamcast/sh2rec/sh2rec.h
Examining data/yabause-0.9.14/src/dreamcast/sh2rec/sh2rec.c
Examining data/yabause-0.9.14/src/vdp2debug.c
Examining data/yabause-0.9.14/src/fakeddk.h
Examining data/yabause-0.9.14/src/sndwav.c
Examining data/yabause-0.9.14/src/movie.h
Examining data/yabause-0.9.14/src/sh2int.c
Examining data/yabause-0.9.14/src/thr-windows.c
Examining data/yabause-0.9.14/src/coffelf.h
Examining data/yabause-0.9.14/src/cd-netbsd.c
Examining data/yabause-0.9.14/src/vidsoft.c
Examining data/yabause-0.9.14/src/sh2d.c
Examining data/yabause-0.9.14/src/scsp.h
Examining data/yabause-0.9.14/src/cs2.c
Examining data/yabause-0.9.14/src/m68kcore.h
Examining data/yabause-0.9.14/src/snddummy.c
Examining data/yabause-0.9.14/src/cdbase.c
Examining data/yabause-0.9.14/src/cs0.h
Examining data/yabause-0.9.14/src/osdcore.h
Examining data/yabause-0.9.14/src/sh-opc.h
Examining data/yabause-0.9.14/src/bios.h
Examining data/yabause-0.9.14/src/gtk/yuish.h
Examining data/yabause-0.9.14/src/gtk/yuiwindow.h
Examining data/yabause-0.9.14/src/gtk/yuiinputentry.h
Examining data/yabause-0.9.14/src/gtk/yuirange.c
Examining data/yabause-0.9.14/src/gtk/gtkglwidget.h
Examining data/yabause-0.9.14/src/gtk/yuiscudsp.h
Examining data/yabause-0.9.14/src/gtk/yuifileentry.c
Examining data/yabause-0.9.14/src/gtk/yuiscsp.h
Examining data/yabause-0.9.14/src/gtk/yuitransfer.c
Examining data/yabause-0.9.14/src/gtk/gtkglwidget.c
Examining data/yabause-0.9.14/src/gtk/main.c
Examining data/yabause-0.9.14/src/gtk/yuiresolution.c
Examining data/yabause-0.9.14/src/gtk/menu.c
Examining data/yabause-0.9.14/src/gtk/yuipage.h
Examining data/yabause-0.9.14/src/gtk/yuiscsp.c
Examining data/yabause-0.9.14/src/gtk/yuiscudsp.c
Examining data/yabause-0.9.14/src/gtk/yuimem.h
Examining data/yabause-0.9.14/src/gtk/yuiscreenshot.c
Examining data/yabause-0.9.14/src/gtk/yuimem.c
Examining data/yabause-0.9.14/src/gtk/yuivdp2.c
Examining data/yabause-0.9.14/src/gtk/yuifileentry.h
Examining data/yabause-0.9.14/src/gtk/yuicheckbutton.h
Examining data/yabause-0.9.14/src/gtk/yuivdp1.h
Examining data/yabause-0.9.14/src/gtk/yuiinputentry.c
Examining data/yabause-0.9.14/src/gtk/yuivdp1.c
Examining data/yabause-0.9.14/src/gtk/pergtk.c
Examining data/yabause-0.9.14/src/gtk/yuirange.h
Examining data/yabause-0.9.14/src/gtk/gtk-compat.c
Examining data/yabause-0.9.14/src/gtk/yuim68k.c
Examining data/yabause-0.9.14/src/gtk/yuivdp2.h
Examining data/yabause-0.9.14/src/gtk/yuish.c
Examining data/yabause-0.9.14/src/gtk/yuiscreenshot.h
Examining data/yabause-0.9.14/src/gtk/yuim68k.h
Examining data/yabause-0.9.14/src/gtk/yuiviewer.c
Examining data/yabause-0.9.14/src/gtk/yuiviewer.h
Examining data/yabause-0.9.14/src/gtk/yuicheckbutton.c
Examining data/yabause-0.9.14/src/gtk/gtk-compat.h
Examining data/yabause-0.9.14/src/gtk/yuitransfer.h
Examining data/yabause-0.9.14/src/gtk/yuiwindow.c
Examining data/yabause-0.9.14/src/gtk/pergtk.h
Examining data/yabause-0.9.14/src/gtk/yuipage.c
Examining data/yabause-0.9.14/src/gtk/yuiresolution.h
Examining data/yabause-0.9.14/src/gtk/settings.c
Examining data/yabause-0.9.14/src/gtk/settings.h
Examining data/yabause-0.9.14/src/osdcore.c
Examining data/yabause-0.9.14/src/cs0.c
Examining data/yabause-0.9.14/src/sndsdl.c
Examining data/yabause-0.9.14/src/error.c
Examining data/yabause-0.9.14/src/coffelf.c
Examining data/yabause-0.9.14/src/netlink.c
Examining data/yabause-0.9.14/src/persdljoy.h
Examining data/yabause-0.9.14/src/sh2_dynarec/assem_arm.h
Examining data/yabause-0.9.14/src/sh2_dynarec/assem_x64.h
Examining data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.h
Examining data/yabause-0.9.14/src/sh2_dynarec/assem_x86.c
Examining data/yabause-0.9.14/src/sh2_dynarec/assem_x86.h
Examining data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c
Examining data/yabause-0.9.14/src/sh2_dynarec/assem_arm.c
Examining data/yabause-0.9.14/src/sh2_dynarec/assem_x64.c
Examining data/yabause-0.9.14/src/thr-macosx.c
Examining data/yabause-0.9.14/src/sh2core.c
Examining data/yabause-0.9.14/src/yglshader.c
Examining data/yabause-0.9.14/src/q68/q68-disasm.c
Examining data/yabause-0.9.14/src/q68/q68-jit.h
Examining data/yabause-0.9.14/src/q68/q68-const.h
Examining data/yabause-0.9.14/src/q68/q68-jit-psp.h
Examining data/yabause-0.9.14/src/q68/q68-core.c
Examining data/yabause-0.9.14/src/q68/q68.h
Examining data/yabause-0.9.14/src/q68/q68.c
Examining data/yabause-0.9.14/src/q68/q68-internal.h
Examining data/yabause-0.9.14/src/q68/q68-jit-x86.h
Examining data/yabause-0.9.14/src/q68/q68-jit.c
Examining data/yabause-0.9.14/src/sh2idle.c
Examining data/yabause-0.9.14/src/scr-x.c
Examining data/yabause-0.9.14/src/scsp2.c
Examining data/yabause-0.9.14/src/macjoy.c
Examining data/yabause-0.9.14/src/cd-windows.c
Examining data/yabause-0.9.14/src/error.h
Examining data/yabause-0.9.14/src/sock.h
Examining data/yabause-0.9.14/src/memory.c
Examining data/yabause-0.9.14/src/perdx.h
Examining data/yabause-0.9.14/src/dx.h
Examining data/yabause-0.9.14/src/qt/Arguments.h
Examining data/yabause-0.9.14/src/qt/QtYabause.h
Examining data/yabause-0.9.14/src/qt/VolatileSettings.h
Examining data/yabause-0.9.14/src/qt/YabauseSoftGL.cpp
Examining data/yabause-0.9.14/src/qt/Settings.h
Examining data/yabause-0.9.14/src/qt/VolatileSettings.cpp
Examining data/yabause-0.9.14/src/qt/YabauseThread.cpp
Examining data/yabause-0.9.14/src/qt/QtYabause.cpp
Examining data/yabause-0.9.14/src/qt/mkspecs/win32-x11-g++/qplatformdefs.h
Examining data/yabause-0.9.14/src/qt/mkspecs/win32-osx-g++/qplatformdefs.h
Examining data/yabause-0.9.14/src/qt/CommonDialogs.cpp
Examining data/yabause-0.9.14/src/qt/CommonDialogs.h
Examining data/yabause-0.9.14/src/qt/YabauseGL.cpp
Examining data/yabause-0.9.14/src/qt/PerQt.c
Examining data/yabause-0.9.14/src/qt/YabauseThread.h
Examining data/yabause-0.9.14/src/qt/Arguments.cpp
Examining data/yabause-0.9.14/src/qt/main.cpp
Examining data/yabause-0.9.14/src/qt/PerQt.h
Examining data/yabause-0.9.14/src/qt/YabauseGL.h
Examining data/yabause-0.9.14/src/qt/ui/UIMemorySearch.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugM68K.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIPadSetting.h
Examining data/yabause-0.9.14/src/qt/ui/UIHexEditor.h
Examining data/yabause-0.9.14/src/qt/ui/UIMemoryTransfer.h
Examining data/yabause-0.9.14/src/qt/ui/UICheatAR.h
Examining data/yabause-0.9.14/src/qt/ui/UI3DControlPadSetting.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugVDP2Viewer.cpp
Examining data/yabause-0.9.14/src/qt/ui/UICheatSearch.h
Examining data/yabause-0.9.14/src/qt/ui/UISettings.h
Examining data/yabause-0.9.14/src/qt/ui/UIMouseSetting.h
Examining data/yabause-0.9.14/src/qt/ui/UIGunSetting.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDisasm.h
Examining data/yabause-0.9.14/src/qt/ui/UIShortcutManager.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIPortManager.h
Examining data/yabause-0.9.14/src/qt/ui/UIWaitInput.h
Examining data/yabause-0.9.14/src/qt/ui/UIMouseSetting.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIMemoryEditor.cpp
Examining data/yabause-0.9.14/src/qt/ui/UICheats.h
Examining data/yabause-0.9.14/src/qt/ui/UIMemoryTransfer.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugVDP1.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugSCSP.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIWaitInput.cpp
Examining data/yabause-0.9.14/src/qt/ui/UISettings.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugM68K.h
Examining data/yabause-0.9.14/src/qt/ui/UICheatAR.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugSCSP.h
Examining data/yabause-0.9.14/src/qt/ui/UI3DControlPadSetting.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIControllerSetting.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDisasm.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugVDP2.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugCPU.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIGunSetting.h
Examining data/yabause-0.9.14/src/qt/ui/UIMemorySearch.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIMemoryEditor.h
Examining data/yabause-0.9.14/src/qt/ui/UIHexInput.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.h
Examining data/yabause-0.9.14/src/qt/ui/UIControllerSetting.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugCPU.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugVDP2Viewer.h
Examining data/yabause-0.9.14/src/qt/ui/UIAbout.cpp
Examining data/yabause-0.9.14/src/qt/ui/UICheatSearch.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIHexEditor.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIPortManager.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugVDP2.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIYabause.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIBackupRam.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugSH2.h
Examining data/yabause-0.9.14/src/qt/ui/UIShortcutManager.h
Examining data/yabause-0.9.14/src/qt/ui/UIYabause.h
Examining data/yabause-0.9.14/src/qt/ui/UIAbout.h
Examining data/yabause-0.9.14/src/qt/ui/UIDebugVDP1.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIPadSetting.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIBackupRam.cpp
Examining data/yabause-0.9.14/src/qt/ui/UICheatRaw.cpp
Examining data/yabause-0.9.14/src/qt/ui/UICheatRaw.h
Examining data/yabause-0.9.14/src/qt/ui/UICheats.cpp
Examining data/yabause-0.9.14/src/qt/ui/UIHexInput.h
Examining data/yabause-0.9.14/src/qt/Settings.cpp
Examining data/yabause-0.9.14/src/gdb/stub.c
Examining data/yabause-0.9.14/src/gdb/client.h
Examining data/yabause-0.9.14/src/gdb/stub.h
Examining data/yabause-0.9.14/src/gdb/packet.c
Examining data/yabause-0.9.14/src/gdb/client.c
Examining data/yabause-0.9.14/src/gdb/packet.h
Examining data/yabause-0.9.14/src/vdp2debug.h
Examining data/yabause-0.9.14/src/vidogl.h
Examining data/yabause-0.9.14/src/cd-linux.c
Examining data/yabause-0.9.14/src/sh2d.h
Examining data/yabause-0.9.14/src/thr-dummy.c
Examining data/yabause-0.9.14/src/vidshared.h
Examining data/yabause-0.9.14/src/core.h
Examining data/yabause-0.9.14/src/tools/cdtest.c
Examining data/yabause-0.9.14/src/permacjoy.c
Examining data/yabause-0.9.14/src/vdp2.h
Examining data/yabause-0.9.14/src/scu.h
Examining data/yabause-0.9.14/src/sndmac.c
Examining data/yabause-0.9.14/src/permacjoy.h
Examining data/yabause-0.9.14/src/cs1.h
Examining data/yabause-0.9.14/src/threads.h
Examining data/yabause-0.9.14/src/debug.h
Examining data/yabause-0.9.14/src/glext.h
Examining data/yabause-0.9.14/src/cocoa/PerCocoa.h
Examining data/yabause-0.9.14/src/cocoa/YabauseGLView.h
Examining data/yabause-0.9.14/src/cocoa/YabausePrefsController.h
Examining data/yabause-0.9.14/src/cocoa/vidgcd.h
Examining data/yabause-0.9.14/src/cocoa/YabauseController.h
Examining data/yabause-0.9.14/src/cocoa/YabauseButtonFormatter.h
Examining data/yabause-0.9.14/src/cocoa/vidgcd.c
Examining data/yabause-0.9.14/src/cs2.h
Examining data/yabause-0.9.14/src/cheat.c
Examining data/yabause-0.9.14/src/ygl.c
Examining data/yabause-0.9.14/src/m68kcore.c
Examining data/yabause-0.9.14/src/smpc.c
Examining data/yabause-0.9.14/src/ygl.h
Examining data/yabause-0.9.14/src/snddx.h
Examining data/yabause-0.9.14/src/sh2core.h
Examining data/yabause-0.9.14/src/cdbase.h
Examining data/yabause-0.9.14/src/perlinuxjoy.h
Examining data/yabause-0.9.14/src/vdp1.c
Examining data/yabause-0.9.14/src/macjoy.h
Examining data/yabause-0.9.14/src/m68kc68k.h
Examining data/yabause-0.9.14/src/sock-linux.c
Examining data/yabause-0.9.14/src/sh2idle.h
Examining data/yabause-0.9.14/src/sh2trace.c
Examining data/yabause-0.9.14/src/japmodem.h
Examining data/yabause-0.9.14/src/peripheral.h
Examining data/yabause-0.9.14/src/bios.c
Examining data/yabause-0.9.14/src/profile.h
Examining data/yabause-0.9.14/src/vidsoft.h
Examining data/yabause-0.9.14/src/movie.c
Examining data/yabause-0.9.14/src/japmodem.c
Examining data/yabause-0.9.14/src/m68kq68.c
Examining data/yabause-0.9.14/src/sh2int.h
FINAL RESULTS:
data/yabause-0.9.14/src/android/jni/yui.c:122:5: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
int printf( const char * fmt, ... )
data/yabause-0.9.14/src/android/jni/yui.c:348:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(glGetString(GL_VENDOR));
data/yabause-0.9.14/src/android/jni/yui.c:349:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(glGetString(GL_RENDERER));
data/yabause-0.9.14/src/android/jni/yui.c:350:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(glGetString(GL_VERSION));
data/yabause-0.9.14/src/android/jni/yui.c:351:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(glGetString(GL_EXTENSIONS));
data/yabause-0.9.14/src/android/jni/yui.c:352:4: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(eglQueryString(g_Display,EGL_EXTENSIONS));
data/yabause-0.9.14/src/android/jni/yui.c:367:7: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf(dlerror());
data/yabause-0.9.14/src/android/jni/yui.c:372:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglGetCurrentDisplay == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:375:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglGetCurrentSurface == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:378:39: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglGetCurrentContext == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:381:34: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglQuerySurface == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:384:34: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglSwapInterval == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:387:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglMakeCurrent == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:390:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglSwapBuffers == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:393:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglQueryString == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/android/jni/yui.c:396:30: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if( eglGetError == NULL){ printf(dlerror()); return -1; }
data/yabause-0.9.14/src/cd-macosx.c:89:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cdrom_name, _PATH_DEV);
data/yabause-0.9.14/src/cdbase.c:381:11: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (fscanf(iso_file, "%s", temp_buffer) == EOF)
data/yabause-0.9.14/src/cdbase.c:490:7: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(temp_buffer2, p);
data/yabause-0.9.14/src/cdbase.c:621:19: [4] (format) swprintf:
Potential format string problem (CWE-134). Make format string constant.
swprintf(filename, sizeof(filename)/sizeof(wchar_t), L"%S", mds_filename);
data/yabause-0.9.14/src/cdbase.c:623:19: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(ext, img_filename+1);
data/yabause-0.9.14/src/cdbase.c:626:19: [4] (buffer) wcscpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using a function version that stops copying at the end
of the buffer.
wcscpy(filename, img_filename);
data/yabause-0.9.14/src/cdbase.c:646:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, mds_filename);
data/yabause-0.9.14/src/cdbase.c:648:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ext, img_filename+1);
data/yabause-0.9.14/src/cdbase.c:651:19: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(filename, img_filename);
data/yabause-0.9.14/src/core.h:199:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, __VA_ARGS__); \
data/yabause-0.9.14/src/core.h:205:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(s, ## r); \
data/yabause-0.9.14/src/core.h:321:9: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define snprintf sprintf_s
data/yabause-0.9.14/src/cs2.c:3489:23: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
memcpy(cdip->system, buf, 16);
data/yabause-0.9.14/src/cs2.c:3490:16: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
cdip->system[16]='\0';
data/yabause-0.9.14/src/cs2.c:3493:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf+0x20, "%s", cdip->itemnum);
data/yabause-0.9.14/src/cs2.c:3497:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf+0x38, "%s", cdip->cdinfo);
data/yabause-0.9.14/src/cs2.c:3498:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf+0x40, "%s", cdip->region);
data/yabause-0.9.14/src/cs2.c:3499:10: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(buf+0x50, "%s", cdip->peripheral);
data/yabause-0.9.14/src/cs2.h:245:9: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
char system[17];
data/yabause-0.9.14/src/debug.c:139:5: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(d->output.stream, format, l);
data/yabause-0.9.14/src/debug.c:147:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
i = sprintf(d->output.string, "%s (%s:%ld): ", d->name, file, (long)line);
data/yabause-0.9.14/src/debug.c:148:7: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(d->output.string + i, format, l);
data/yabause-0.9.14/src/debug.c:155:11: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
i = sprintf(strtmp, "%s (%s:%ld): ", d->name, file, (long)line);
data/yabause-0.9.14/src/debug.c:156:12: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
i += vsprintf(strtmp + i, format, l);
data/yabause-0.9.14/src/error.c:40:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string, "%s%s\n", string1, string2);
data/yabause-0.9.14/src/error.c:73:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "%s SH2 invalid opcode\n\n"
data/yabause-0.9.14/src/error.c:127:9: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
n = vsnprintf(NULL, 0, format, l);
data/yabause-0.9.14/src/error.c:133:5: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(buffer, format, l);
data/yabause-0.9.14/src/glext.h:5729:59: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI GLvoid* APIENTRY glMapBuffer (GLenum target, GLenum access);
data/yabause-0.9.14/src/glext.h:5749:71: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERPROC) (GLenum target, GLenum access);
data/yabause-0.9.14/src/glext.h:6589:62: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI GLvoid* APIENTRY glMapBufferARB (GLenum target, GLenum access);
data/yabause-0.9.14/src/glext.h:6601:74: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERARBPROC) (GLenum target, GLenum access);
data/yabause-0.9.14/src/glext.h:6870:104: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI GLvoid* APIENTRY glMapBufferRange (GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/yabause-0.9.14/src/glext.h:6873:116: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef GLvoid* (APIENTRYP PFNGLMAPBUFFERRANGEPROC) (GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/yabause-0.9.14/src/glext.h:7690:122: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glBindImageTexture (GLuint unit, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLenum format);
data/yabause-0.9.14/src/glext.h:7693:134: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLBINDIMAGETEXTUREPROC) (GLuint unit, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLenum format);
data/yabause-0.9.14/src/glext.h:10624:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI GLvoid* APIENTRY glMapNamedBufferEXT (GLuint buffer, GLenum access);
data/yabause-0.9.14/src/glext.h:10626:112: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI GLvoid* APIENTRY glMapNamedBufferRangeEXT (GLuint buffer, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/yabause-0.9.14/src/glext.h:10831:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef GLvoid* (APIENTRYP PFNGLMAPNAMEDBUFFEREXTPROC) (GLuint buffer, GLenum access);
data/yabause-0.9.14/src/glext.h:10833:124: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef GLvoid* (APIENTRYP PFNGLMAPNAMEDBUFFERRANGEEXTPROC) (GLuint buffer, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/yabause-0.9.14/src/glext.h:11108:67: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glMakeBufferResidentNV (GLenum target, GLenum access);
data/yabause-0.9.14/src/glext.h:11111:72: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glMakeNamedBufferResidentNV (GLuint buffer, GLenum access);
data/yabause-0.9.14/src/glext.h:11123:79: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLMAKEBUFFERRESIDENTNVPROC) (GLenum target, GLenum access);
data/yabause-0.9.14/src/glext.h:11126:84: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLMAKENAMEDBUFFERRESIDENTNVPROC) (GLuint buffer, GLenum access);
data/yabause-0.9.14/src/glext.h:11192:126: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glBindImageTextureEXT (GLuint index, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLint format);
data/yabause-0.9.14/src/glext.h:11195:138: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLBINDIMAGETEXTUREEXTPROC) (GLuint index, GLuint texture, GLint level, GLboolean layered, GLint layer, GLenum access, GLint format);
data/yabause-0.9.14/src/glext.h:11401:78: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
GLAPI void APIENTRY glVDPAUSurfaceAccessNV (GLvdpauSurfaceNV surface, GLenum access);
data/yabause-0.9.14/src/glext.h:11412:90: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void (APIENTRYP PFNGLVDPAUSURFACEACCESSNVPROC) (GLvdpauSurfaceNV surface, GLenum access);
data/yabause-0.9.14/src/gtk/main.c:385:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Mouse.%s.1", PerMouseNames[i]);
data/yabause-0.9.14/src/gtk/main.c:399:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Pad.%s.1", PerPadNames[i]);
data/yabause-0.9.14/src/gtk/yuiinputentry.c:117:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s.%s.1", group, keys[row]);
data/yabause-0.9.14/src/gtk/yuiinputentry.c:150:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s.%s.1", YUI_INPUT_ENTRY(gtk_widget_get_parent(widget))->group, (char *)name);
data/yabause-0.9.14/src/gtk/yuiinputentry.c:177:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "Pad.%s.1", (char *)name); // should be group.name
data/yabause-0.9.14/src/gtk/yuiinputentry.c:217:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tmp, "%s.%s.1", yie->group, gtk_label_get_text(wlist->data));
data/yabause-0.9.14/src/gtk/yuim68k.c:270:40: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( offset == addr ) { bOnPC = 1; strcpy( curs, tagPC ); curs += strlen(tagPC); }
data/yabause-0.9.14/src/gtk/yuim68k.c:272:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( curs, lineBuf );
data/yabause-0.9.14/src/gtk/yuim68k.c:274:31: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( bOnPC ) { bOnPC = 0; strcpy( curs, tagEnd ); curs += strlen(tagEnd); }
data/yabause-0.9.14/src/gtk/yuipage.c:88:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "<b>%s</b>", name);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:218:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(valuestr, #format, (int)regs->ProgControlPort.part.rreg); \
data/yabause-0.9.14/src/gtk/yuiscudsp.c:222:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(valuestr, #format, (int)regs->rreg); \
data/yabause-0.9.14/src/gtk/yuiscudsp.c:226:3: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(valuestr, #format, (int)(vreg)); \
data/yabause-0.9.14/src/gtk/yuiscudsp.c:312:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( offset + i == addr ) { strcpy( curs, tagPC ); curs += strlen(tagPC); }
data/yabause-0.9.14/src/gtk/yuiscudsp.c:314:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy( curs, lineBuf );
data/yabause-0.9.14/src/gtk/yuiscudsp.c:316:33: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if ( offset + i == addr ) { strcpy( curs, tagEnd ); curs += strlen(tagEnd); }
data/yabause-0.9.14/src/memory.c:1367:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s\\%s_%03d.yss", dirpath, cdip->itemnum, slot);
data/yabause-0.9.14/src/memory.c:1369:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s_%03d.yss", dirpath, cdip->itemnum, slot);
data/yabause-0.9.14/src/memory.c:1384:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s\\%s_%03d.yss", dirpath, cdip->itemnum, slot);
data/yabause-0.9.14/src/memory.c:1386:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename, "%s/%s_%03d.yss", dirpath, cdip->itemnum, slot);
data/yabause-0.9.14/src/memory.c:1457:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)buf, searchstr);
data/yabause-0.9.14/src/movie.c:105:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, Spaces[x]);
data/yabause-0.9.14/src/movie.c:108:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, Buttons[x]);
data/yabause-0.9.14/src/movie.c:115:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, Spaces2[x]);
data/yabause-0.9.14/src/movie.c:118:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(str, Buttons2[x]);
data/yabause-0.9.14/src/movie.c:122:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(InputDisplayString, str);
data/yabause-0.9.14/src/movie.c:313:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, filename);
data/yabause-0.9.14/src/movie.c:341:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, filename);
data/yabause-0.9.14/src/movie.c:434:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(retbuf, "%smovie", filename);
data/yabause-0.9.14/src/netlink.c:183:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy((char *)&NetlinkArea->outbuffer[NetlinkArea->outbufferend], string);
data/yabause-0.9.14/src/netlink.c:417:34: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(NetlinkArea->portstring, p+1);
data/yabause-0.9.14/src/netlink.c:419:31: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(NetlinkArea->ipstring, ipstring);
data/yabause-0.9.14/src/netlink.c:671:10: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(NetlinkArea->ipstring, setting);
data/yabause-0.9.14/src/netlink.c:681:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(NetlinkArea->portstring, p+1);
data/yabause-0.9.14/src/netlink.c:984:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(connect->ip, ip);
data/yabause-0.9.14/src/osdcore.c:121:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(message, format, arglist);
data/yabause-0.9.14/src/perdx.c:308:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "Input. DirectInput8Create error: %s - %s", DXGetErrorString8(ret), DXGetErrorDescription8(ret));
data/yabause-0.9.14/src/profile.c:63:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (g_tag [g_i_hwm].str_name, str_tag) ;
data/yabause-0.9.14/src/q68/q68-disasm.c:424:15: [4] (format) snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
outlen += snprintf(&outbuf[outlen], sizeof(outbuf)-outlen, \
data/yabause-0.9.14/src/q68/q68-disasm.c:734:23: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
logfile = popen("gzip -3 >q68.log.gz", "w");
data/yabause-0.9.14/src/qt/mkspecs/win32-osx-g++/qplatformdefs.h:153:24: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define QT_SNPRINTF ::_snprintf
data/yabause-0.9.14/src/qt/mkspecs/win32-x11-g++/qplatformdefs.h:153:24: [4] (format) _snprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
#define QT_SNPRINTF ::_snprintf
data/yabause-0.9.14/src/qt/ui/UICheatSearch.cpp:138:15: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf("%08X", search[j].results[i].addr);
data/yabause-0.9.14/src/qt/ui/UICheatSearch.cpp:144:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf("%d", MappedMemoryReadByte(search[j].results[i].addr));
data/yabause-0.9.14/src/qt/ui/UICheatSearch.cpp:147:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf("%d", MappedMemoryReadWord(search[j].results[i].addr));
data/yabause-0.9.14/src/qt/ui/UICheatSearch.cpp:150:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf("%d", MappedMemoryReadLong(search[j].results[i].addr));
data/yabause-0.9.14/src/qt/ui/UICheatSearch.cpp:285:6: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
s.sprintf("%X", currentItem->text(1).toUInt());
data/yabause-0.9.14/src/qt/ui/UIDebugCPU.cpp:316:7: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
text.sprintf("%08X", addr);
data/yabause-0.9.14/src/qt/ui/UIDebugM68K.cpp:57:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
text.sprintf("%08X", (int)cbp[i].addr);
data/yabause-0.9.14/src/qt/ui/UIDebugM68K.cpp:88:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("D%d = %08X", i, (int)regs.D[i]);
data/yabause-0.9.14/src/qt/ui/UIDebugM68K.cpp:95:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("A%d = %08X", i, (int)regs.A[i]);
data/yabause-0.9.14/src/qt/ui/UIDebugM68K.cpp:100:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("SR = %08X", (int)regs.SR);
data/yabause-0.9.14/src/qt/ui/UIDebugM68K.cpp:104:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("PC = %08X", (int)regs.PC);
data/yabause-0.9.14/src/qt/ui/UIDebugSCSP.cpp:77:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
text.sprintf("channel%02d.wav", sbSlotNumber->value());
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:78:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
text.sprintf("%08X", (int)cbp[i].addr);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:105:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("PR = %d EP = %d", regs.ProgControlPort.part.PR, regs.ProgControlPort.part.EP);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:108:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("T0 = %d S = %d", regs.ProgControlPort.part.T0, regs.ProgControlPort.part.S);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:111:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("Z = %d C = %d", regs.ProgControlPort.part.Z, regs.ProgControlPort.part.C);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:114:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("V = %d E = %d", regs.ProgControlPort.part.V, regs.ProgControlPort.part.E);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:117:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("ES = %d EX = %d", regs.ProgControlPort.part.ES, regs.ProgControlPort.part.EX);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:120:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("LE = %d", regs.ProgControlPort.part.LE);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:123:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("P = %02X", regs.ProgControlPort.part.P);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:126:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("TOP = %02X", regs.TOP);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:129:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("LOP = %02X", regs.LOP);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:132:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("CT = %02X:%02X:%02X:%02X", regs.CT[0], regs.CT[1], regs.CT[2], regs.CT[3]);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:135:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("RA = %08lX", regs.RA0);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:138:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("WA = %08lX", regs.WA0);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:141:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("RX = %08lX", regs.RX);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:144:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("RY = %08lX", regs.RX);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:147:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("PH = %04X", regs.P.part.H & 0xFFFF);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:150:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("PL = %08X", (int)(regs.P.part.L & 0xFFFFFFFF));
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:153:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("ACH = %04X", regs.AC.part.H & 0xFFFF);
data/yabause-0.9.14/src/qt/ui/UIDebugSCUDSP.cpp:156:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("ACL = %08X", (int)(regs.AC.part.L & 0xFFFFFFFF));
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:69:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
text.sprintf("%08X", (int)cbp[i].addr);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:75:18: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
text.sprintf("%08X", (int)mbp[i].addr);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:118:11: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("R%02d = %08X", i, (int)sh2regs.R[i]);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:123:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("SR = %08X", (int)sh2regs.SR.all);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:127:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("GBR = %08X", (int)sh2regs.GBR);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:131:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("VBR = %08X", (int)sh2regs.VBR);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:135:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("MACH = %08X", (int)sh2regs.MACH);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:139:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("MACL = %08X", (int)sh2regs.MACL);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:143:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("PR = %08X", (int)sh2regs.PR);
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:147:8: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
str.sprintf("PC = %08X", (int)sh2regs.PC);
data/yabause-0.9.14/src/qt/ui/UIHexInput.cpp:32:9: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
text.sprintf(format, value);
data/yabause-0.9.14/src/qt/ui/UISettings.cpp:175:8: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(buffer, "drive name:%s", drive_name) == 1) {
data/yabause-0.9.14/src/qt/ui/UISettings.cpp:176:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(drive_path, "/dev/%s", drive_name);
data/yabause-0.9.14/src/scu.c:1494:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MOV %s, X", disd1bussrc((instruction >> 20) & 0x7));
data/yabause-0.9.14/src/scu.c:1512:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MOV %s, P", disd1bussrc((instruction >> 20) & 0x7));
data/yabause-0.9.14/src/scu.c:1527:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MOV %s, Y", disd1bussrc((instruction >> 14) & 0x7));
data/yabause-0.9.14/src/scu.c:1550:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MOV %s, A", disd1bussrc((instruction >> 14) & 0x7));
data/yabause-0.9.14/src/scu.c:1566:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MOV #$%02X, %s", (unsigned int)instruction & 0xFF, disd1busdest((instruction >> 8) & 0xF));
data/yabause-0.9.14/src/scu.c:1570:16: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MOV %s, %s", disd1bussrc(instruction & 0xF), disd1busdest((instruction >> 8) & 0xF));
data/yabause-0.9.14/src/scu.c:1584:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,NZ", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1587:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,NS", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1590:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,NZS", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1593:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,NC", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1596:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,NT0", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1599:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,Z", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1602:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,S", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1605:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,ZS", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1608:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,C", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1611:19: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s,T0", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1618:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "MVI #$%05X,%s", (unsigned int)instruction & 0x7FFFF, disloadimdest((instruction >> 26) & 0xF));
data/yabause-0.9.14/src/scu.c:1684:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "%s, D0, %s", disdmaram((instruction >> 8) & 0x7), disd1bussrc(instruction & 0x7));
data/yabause-0.9.14/src/scu.c:1686:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "D0, %s, %s", disdmaram((instruction >> 8) & 0x7), disd1bussrc(instruction & 0x7));
data/yabause-0.9.14/src/scu.c:1692:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "%s, D0, #$%02X", disdmaram((instruction >> 8) & 0x7), (int)(instruction & 0xFF));
data/yabause-0.9.14/src/scu.c:1694:22: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(outstring, "D0, %s, #$%02X", disdmaram((instruction >> 8) & 0x7), (int)(instruction & 0xFF));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:7656:33: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if((void*)assem_debug==(void*)printf)
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:7812:35: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if((void*)assem_debug==(void*)printf) disassemble_inst(i);
data/yabause-0.9.14/src/sh2d.c:206:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string,"%s", tab[i].mnem);
data/yabause-0.9.14/src/sh2d.c:208:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op >> 8) & 0xf);
data/yabause-0.9.14/src/sh2d.c:210:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op >> 8) & 0xf);
data/yabause-0.9.14/src/sh2d.c:212:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op >> 4) & 0xf, (op >> 8) & 0xf);
data/yabause-0.9.14/src/sh2d.c:216:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xf) * 2, (op >> 4) & 0xf);
data/yabause-0.9.14/src/sh2d.c:218:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, op & 0xf, (op >> 4) & 0xf);
data/yabause-0.9.14/src/sh2d.c:223:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xf) * 2, (op >> 4) & 0xf);
data/yabause-0.9.14/src/sh2d.c:225:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xf), (op >> 4) & 0xf);
data/yabause-0.9.14/src/sh2d.c:230:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op >> 4) & 0xf,
data/yabause-0.9.14/src/sh2d.c:233:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xf) * 4,
data/yabause-0.9.14/src/sh2d.c:242:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xff) * tab[i].dat + 4);
data/yabause-0.9.14/src/sh2d.c:249:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xff) * tab[i].dat);
data/yabause-0.9.14/src/sh2d.c:254:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (((op & 0xff) + 0xffffff00) * 2) + v_addr + 4);
data/yabause-0.9.14/src/sh2d.c:256:19: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem,((op & 0xff) * 2) + v_addr + 4);
data/yabause-0.9.14/src/sh2d.c:262:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, ((op & 0xfff) + 0xfffff000) * 2 + v_addr + 4);
data/yabause-0.9.14/src/sh2d.c:264:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xfff) * 2 + v_addr + 4);
data/yabause-0.9.14/src/sh2d.c:270:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xff) * tab[i].dat + 4, (op >> 8) & 0xf);
data/yabause-0.9.14/src/sh2d.c:276:16: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, (op & 0xff) * tab[i].dat + 4,
data/yabause-0.9.14/src/sh2d.c:285:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, op & 0xff);
data/yabause-0.9.14/src/sh2d.c:287:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(string,tab[i].mnem, op & 0xff, (op >> 8) & 0xf);
data/yabause-0.9.14/src/sh2iasm.c:498:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(err_msg, "ERROR : %s", str);
data/yabause-0.9.14/src/sh2iasm.c:970:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s1,arg1);
data/yabause-0.9.14/src/sh2iasm.c:971:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2,arg2);
data/yabause-0.9.14/src/sh2trace.c:211:23: [4] (shell) popen:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
logfile = popen(cmdbuf, "w");
data/yabause-0.9.14/src/snddx.c:81:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "Sound. DirectSound8Create error: %s - %s", DXGetErrorString8(ret), DXGetErrorDescription8(ret));
data/yabause-0.9.14/src/snddx.c:88:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "Sound. IDirectSound8_SetCooperativeLevel error: %s - %s", DXGetErrorString8(ret), DXGetErrorDescription8(ret));
data/yabause-0.9.14/src/snddx.c:101:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "Sound. Error when creating primary sound buffer: %s - %s", DXGetErrorString8(ret), DXGetErrorDescription8(ret));
data/yabause-0.9.14/src/snddx.c:119:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "Sound. IDirectSoundBuffer8_SetFormat error: %s - %s", DXGetErrorString8(ret), DXGetErrorDescription8(ret));
data/yabause-0.9.14/src/snddx.c:146:13: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "Sound. Error when creating secondary sound buffer: %s - %s", DXGetErrorString8(ret), DXGetErrorDescription8(ret));
data/yabause-0.9.14/src/snddx.c:153:10: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(tempstr, "Sound. Error when creating secondary sound buffer: %s - %s", DXGetErrorString8(ret), DXGetErrorDescription8(ret));
data/yabause-0.9.14/src/cd-windows.c:98:2: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&cd_cs);
data/yabause-0.9.14/src/cd-windows.c:134:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection (&cd_cs);
data/yabause-0.9.14/src/cd-windows.c:247:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cd_cs);
data/yabause-0.9.14/src/cd-windows.c:318:3: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cd_cs);
data/yabause-0.9.14/src/cd-windows.c:345:2: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&cd_cs);
data/yabause-0.9.14/src/dreamcast/yui.c:132:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/yabause-0.9.14/src/thr-windows.c:48:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&hnds->mutex);
data/yabause-0.9.14/src/thr-windows.c:74:4: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&thread_handle[id].mutex);
data/yabause-0.9.14/src/android/jni/yui.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mpegpath[256] = "\0";
data/yabause-0.9.14/src/android/jni/yui.c:57:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cartpath[256] = "\0";
data/yabause-0.9.14/src/bios.c:1118:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[12];
data/yabause-0.9.14/src/bios.c:1682:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device[0].name, "Internal Backup RAM");
data/yabause-0.9.14/src/bios.c:1687:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(device[1].name, "%d Mbit Backup RAM Cartridge", 1 << ((CartridgeArea->cartid & 0xF)+1));
data/yabause-0.9.14/src/bios.c:1881:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "rb")) == NULL)
data/yabause-0.9.14/src/bios.h:31:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[12];
data/yabause-0.9.14/src/bios.h:32:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[11];
data/yabause-0.9.14/src/bios.h:47:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/yabause-0.9.14/src/c68k/c68kexec.c:152:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!f) f = fopen("c68k.log", "w");
data/yabause-0.9.14/src/c68k/c68kexec.c:154:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(state.D, CPU->D, 16*4);
data/yabause-0.9.14/src/c68k/gen68k.c:3727:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[16];
data/yabause-0.9.14/src/c68k/gen68k.c:3729:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(fn, "c68k_op%.1X.inc", (int)i);
data/yabause-0.9.14/src/c68k/gen68k.c:3730:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
opcode_file = fopen(fn, "wt");
data/yabause-0.9.14/src/c68k/gen68k.c:3739:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ini_file = fopen("c68k_ini.inc", "wt");
data/yabause-0.9.14/src/cd-freebsd.c:57:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hCDROM = open(cdrom_name, O_RDONLY | O_NONBLOCK)) == -1) {
data/yabause-0.9.14/src/cd-linux.c:57:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hCDROM = open(cdrom_name, O_RDONLY | O_NONBLOCK)) == -1) {
data/yabause-0.9.14/src/cd-linux.c:158:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bigbuf[2352];
data/yabause-0.9.14/src/cd-linux.c:171:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, position.bigbuf, 2352);
data/yabause-0.9.14/src/cd-macosx.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cdrom_name[ MAXPATHLEN ];
data/yabause-0.9.14/src/cd-macosx.c:101:16: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hCDROM = open(cdrom_name, O_RDONLY)) == -1)
data/yabause-0.9.14/src/cd-macosx.c:213:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, cache + (blockSize * (FAD - cacheFAD)), blockSize);
data/yabause-0.9.14/src/cd-netbsd.c:54:22: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hCDROM = open(cdrom_name, O_RDONLY | O_NONBLOCK)) == -1) {
data/yabause-0.9.14/src/cd-netbsd.c:154:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, syncHdr, sizeof (syncHdr));
data/yabause-0.9.14/src/cd-windows.c:50:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char data[2352];
data/yabause-0.9.14/src/cd-windows.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pipe_name[7];
data/yabause-0.9.14/src/cd-windows.c:82:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pipe_name, "\\\\.\\?:");
data/yabause-0.9.14/src/cd-windows.c:131:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char statusbuf[8];
data/yabause-0.9.14/src/cd-windows.c:324:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, cd_buf.data, 2352);
data/yabause-0.9.14/src/cdbase.c:66:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(path, mode);
data/yabause-0.9.14/src/cdbase.c:395:44: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
trk[track_num-1].sector_size = atoi(temp_buffer + 6);
data/yabause-0.9.14/src/cdbase.c:447:20: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((bin_file = fopen(temp_buffer, "rb")) == NULL)
data/yabause-0.9.14/src/cdbase.c:493:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bin_file = fopen(temp_buffer2, "rb");
data/yabause-0.9.14/src/cdbase.c:530:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(disc.session[0].track, trk, track_num * sizeof(track_info_struct));
data/yabause-0.9.14/src/cdbase.c:607:16: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t filename[512];
data/yabause-0.9.14/src/cdbase.c:608:16: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t img_filename[512];
data/yabause-0.9.14/src/cdbase.c:632:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/yabause-0.9.14/src/cdbase.c:633:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char img_filename[512];
data/yabause-0.9.14/src/cdbase.c:653:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb");
data/yabause-0.9.14/src/cdbase.c:821:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[6];
data/yabause-0.9.14/src/cdbase.c:832:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (!(iso_file = fopen(iso, "rb")))
data/yabause-0.9.14/src/cdbase.c:915:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(TOC, isoTOC, 0xCC * 2);
data/yabause-0.9.14/src/cdbase.c:986:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, syncHdr, 12);
data/yabause-0.9.14/src/cheat.c:177:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cheatlist[i], &cheatlist[i+1], sizeof(cheatlist_struct));
data/yabause-0.9.14/src/cheat.c:292:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/cheat.c:307:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cheat, &cheatlist[i], sizeof(cheatlist_struct));
data/yabause-0.9.14/src/cheat.c:334:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/yabause-0.9.14/src/cheat.c:335:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char desc[256];
data/yabause-0.9.14/src/cheat.c:341:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "rb")) == NULL)
data/yabause-0.9.14/src/coffelf.c:122:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "rb")) == NULL)
data/yabause-0.9.14/src/coffelf.c:232:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(filename, "rb");
data/yabause-0.9.14/src/core.h:175:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/yabause-0.9.14/src/cs2.c:417:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest8, src, copy);
data/yabause-0.9.14/src/cs2.c:2719:37: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (Cs2Area->mpegpath && (mpgfp = fopen(Cs2Area->mpegpath, "rb")) != NULL)
data/yabause-0.9.14/src/cs2.c:2983:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fltpartition->block[fltpartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:2987:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fltpartition->block[fltpartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:2991:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fltpartition->block[fltpartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:2995:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fltpartition->block[fltpartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:2999:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fltpartition->block[fltpartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:3003:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fltpartition->block[fltpartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:3080:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dirrec->name, buffer, dirrec->namelength);
data/yabause-0.9.14/src/cs2.c:3334:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char syncheader[12] = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
data/yabause-0.9.14/src/cs2.c:3359:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rufspartition->block[rufspartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:3366:26: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rufspartition->block[rufspartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:3373:23: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rufspartition->block[rufspartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:3379:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rufspartition->block[rufspartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:3384:20: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rufspartition->block[rufspartition->numblocks]->data,
data/yabause-0.9.14/src/cs2.c:3420:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char syncheader[12] = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
data/yabause-0.9.14/src/cs2.c:3489:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdip->system, buf, 16);
data/yabause-0.9.14/src/cs2.c:3491:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdip->company, buf+0x10, 16);
data/yabause-0.9.14/src/cs2.c:3494:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdip->version, buf+0x2A, 6);
data/yabause-0.9.14/src/cs2.c:3496:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(cdip->date, "%c%c/%c%c/%c%c%c%c", buf[0x34], buf[0x35], buf[0x36], buf[0x37], buf[0x30], buf[0x31], buf[0x32], buf[0x33]);
data/yabause-0.9.14/src/cs2.c:3500:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdip->gamename, buf+0x60, 112);
data/yabause-0.9.14/src/cs2.c:3503:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cdip->ipsize, buf+0xE0, sizeof(u32));
data/yabause-0.9.14/src/cs2.c:3504:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cdip->msh2stack, buf+0xE8, sizeof(u32));
data/yabause-0.9.14/src/cs2.c:3505:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cdip->ssh2stack, buf+0xEC, sizeof(u32));
data/yabause-0.9.14/src/cs2.c:3506:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cdip->firstprogaddr, buf+0xF0, sizeof(u32));
data/yabause-0.9.14/src/cs2.c:3507:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&cdip->firstprogsize, buf+0xF4, sizeof(u32));
data/yabause-0.9.14/src/cs2.h:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/yabause-0.9.14/src/cs2.h:245:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char system[17];
data/yabause-0.9.14/src/cs2.h:246:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char company[17];
data/yabause-0.9.14/src/cs2.h:247:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char itemnum[11];
data/yabause-0.9.14/src/cs2.h:248:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[7];
data/yabause-0.9.14/src/cs2.h:249:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char date[11];
data/yabause-0.9.14/src/cs2.h:250:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cdinfo[9];
data/yabause-0.9.14/src/cs2.h:251:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char region[11];
data/yabause-0.9.14/src/cs2.h:252:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char peripheral[17];
data/yabause-0.9.14/src/cs2.h:253:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamename[113];
data/yabause-0.9.14/src/debug.c:49:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->output.stream = fopen(s, "w");
data/yabause-0.9.14/src/debug.c:103:22: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
d->output.stream = fopen(s, "w");
data/yabause-0.9.14/src/debug.c:124:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char strtmp[512];
data/yabause-0.9.14/src/dreamcast/yui.c:148:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen("/cd/saturn.bin", "r");
data/yabause-0.9.14/src/error.c:50:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[512];
data/yabause-0.9.14/src/gdb/client.c:32:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[184+1];
data/yabause-0.9.14/src/gdb/client.c:35:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * i, "%08x", client->context->regs.R[i]);
data/yabause-0.9.14/src/gdb/client.c:37:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * 16, "%08x", client->context->regs.PC);
data/yabause-0.9.14/src/gdb/client.c:38:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * 17, "%08x", client->context->regs.PR);
data/yabause-0.9.14/src/gdb/client.c:39:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * 18, "%08x", client->context->regs.GBR);
data/yabause-0.9.14/src/gdb/client.c:40:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * 19, "%08x", client->context->regs.VBR);
data/yabause-0.9.14/src/gdb/client.c:41:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * 20, "%08x", client->context->regs.MACH);
data/yabause-0.9.14/src/gdb/client.c:42:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * 21, "%08x", client->context->regs.MACL);
data/yabause-0.9.14/src/gdb/client.c:43:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + 8 * 22, "%08x", client->context->regs.SR);
data/yabause-0.9.14/src/gdb/client.c:81:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%08x", val);
data/yabause-0.9.14/src/gdb/client.c:89:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%04x", val);
data/yabause-0.9.14/src/gdb/client.c:94:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(pos, "%02x", val);
data/yabause-0.9.14/src/gdb/client.c:145:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer + 1, message, msglen);
data/yabause-0.9.14/src/gdb/client.c:147:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer + msglen + 2, "%02x", checksum);
data/yabause-0.9.14/src/gdb/packet.h:11:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[2048];
data/yabause-0.9.14/src/gdb/packet.h:14:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checksum[2];
data/yabause-0.9.14/src/gdb/stub.c:24:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/yabause-0.9.14/src/gtk/gtk-compat.c:24:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * file = fopen(filename, "w");
data/yabause-0.9.14/src/gtk/main.c:49:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char biospath[256] = "\0";
data/yabause-0.9.14/src/gtk/main.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cdpath[256] = "\0";
data/yabause-0.9.14/src/gtk/main.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buppath[256] = "\0";
data/yabause-0.9.14/src/gtk/main.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mpegpath[256] = "\0";
data/yabause-0.9.14/src/gtk/main.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cartpath[256] = "\0";
data/yabause-0.9.14/src/gtk/main.c:383:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/yabause-0.9.14/src/gtk/main.c:397:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/yabause-0.9.14/src/gtk/main.c:537:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binname[1024];
data/yabause-0.9.14/src/gtk/settings.c:56:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/yabause-0.9.14/src/gtk/settings.c:58:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", core->id);
data/yabause-0.9.14/src/gtk/yuiinputentry.c:106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/yabause-0.9.14/src/gtk/yuiinputentry.c:120:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[50];
data/yabause-0.9.14/src/gtk/yuiinputentry.c:144:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/yabause-0.9.14/src/gtk/yuiinputentry.c:175:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/yabause-0.9.14/src/gtk/yuiinputentry.c:210:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[100];
data/yabause-0.9.14/src/gtk/yuim68k.c:166:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempstr, "%08X", (int)cbp[i].addr);
data/yabause-0.9.14/src/gtk/yuim68k.c:209:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regstr[32];
data/yabause-0.9.14/src/gtk/yuim68k.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuestr[32];
data/yabause-0.9.14/src/gtk/yuim68k.c:217:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(regstr, "D%d", i );
data/yabause-0.9.14/src/gtk/yuim68k.c:218:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%08x", (int)regs->D[i]);
data/yabause-0.9.14/src/gtk/yuim68k.c:224:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(regstr, "A%d", i );
data/yabause-0.9.14/src/gtk/yuim68k.c:225:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%08x", (int)regs->A[i]);
data/yabause-0.9.14/src/gtk/yuim68k.c:230:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%08x", (int)regs->SR);
data/yabause-0.9.14/src/gtk/yuim68k.c:234:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%08x", (int)regs->PC);
data/yabause-0.9.14/src/gtk/yuim68k.c:258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[64*24+40];
data/yabause-0.9.14/src/gtk/yuim68k.c:260:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuf[64];
data/yabause-0.9.14/src/gtk/yuim68k.c:294:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bptext[10];
data/yabause-0.9.14/src/gtk/yuim68k.c:296:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(arg1);
data/yabause-0.9.14/src/gtk/yuim68k.c:303:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bptext, "%08X", (int)addr);
data/yabause-0.9.14/src/gtk/yuim68k.c:317:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bptext[10];
data/yabause-0.9.14/src/gtk/yuim68k.c:319:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(arg1);
data/yabause-0.9.14/src/gtk/yuim68k.c:329:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bptext, "%08X", (int)addr);
data/yabause-0.9.14/src/gtk/yuim68k.c:331:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
} else strcpy(bptext,"<empty>");
data/yabause-0.9.14/src/gtk/yuimem.c:255:12: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
gint i = atoi(arg1);
data/yabause-0.9.14/src/gtk/yuimem.c:284:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address[10];
data/yabause-0.9.14/src/gtk/yuimem.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dump[30];
data/yabause-0.9.14/src/gtk/yuimem.c:290:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(address, "%08x", ym->address + (8 * i));
data/yabause-0.9.14/src/gtk/yuimem.c:292:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dump + (j * 3), "%02x ", MappedMemoryReadByte(ym->address + (8 * i) + j));
data/yabause-0.9.14/src/gtk/yuimem.c:299:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf( address, "%08X", ym->address );
data/yabause-0.9.14/src/gtk/yuiscudsp.c:166:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempstr, "%08X", (int)cbp[i].addr);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuestr[32];
data/yabause-0.9.14/src/gtk/yuiscudsp.c:213:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%d", regs->ProgControlPort.part.PR);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:243:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%08X", (int)(((u32)(regs->CT[0]))<<24 | ((u32)(regs->CT[1]))<<16 | ((u32)(regs->CT[2]))<<8 | ((u32)(regs->CT[3]))) );
data/yabause-0.9.14/src/gtk/yuiscudsp.c:301:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100*24+40];
data/yabause-0.9.14/src/gtk/yuiscudsp.c:303:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuf[100];
data/yabause-0.9.14/src/gtk/yuiscudsp.c:337:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bptext[10];
data/yabause-0.9.14/src/gtk/yuiscudsp.c:339:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(arg1);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:346:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bptext, "%08X", (int)addr);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:360:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bptext[10];
data/yabause-0.9.14/src/gtk/yuiscudsp.c:362:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(arg1);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:372:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bptext, "%08X", (int)addr);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:374:10: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
} else strcpy(bptext,"<empty>");
data/yabause-0.9.14/src/gtk/yuish.c:416:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regstr[32];
data/yabause-0.9.14/src/gtk/yuish.c:417:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char valuestr[32];
data/yabause-0.9.14/src/gtk/yuish.c:421:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(regstr, "R%02d", i);
data/yabause-0.9.14/src/gtk/yuish.c:422:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%08X", (int)regs->R[i] );
data/yabause-0.9.14/src/gtk/yuish.c:430:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(valuestr, "%08X", (int)regs->rreg); \
data/yabause-0.9.14/src/gtk/yuish.c:477:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempstr, "%08X", (int)cbp[i].addr);
data/yabause-0.9.14/src/gtk/yuish.c:502:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(tempstr, "%08X", (int)cmbp[i].addr);
data/yabause-0.9.14/src/gtk/yuish.c:521:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuf[64];
data/yabause-0.9.14/src/gtk/yuish.c:525:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char address_s[20];
data/yabause-0.9.14/src/gtk/yuish.c:526:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command_s[64];
data/yabause-0.9.14/src/gtk/yuish.c:541:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(address_s, "0x%08X", address);
data/yabause-0.9.14/src/gtk/yuish.c:573:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bptext[10];
data/yabause-0.9.14/src/gtk/yuish.c:575:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
int i = atoi(arg1);
data/yabause-0.9.14/src/gtk/yuish.c:582:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(bptext, "%08X", (int)addr);
data/yabause-0.9.14/src/gtk/yuiwindow.c:147:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[512];
data/yabause-0.9.14/src/gtk/yuiwindow.c:151:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", x);
data/yabause-0.9.14/src/gtk/yuiwindow.c:153:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "%d", y);
data/yabause-0.9.14/src/japmodem.h:25:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char flash[0x20000];
data/yabause-0.9.14/src/m68kd.c:43:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".b ");
data/yabause-0.9.14/src/m68kd.c:45:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".w ");
data/yabause-0.9.14/src/m68kd.c:47:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".l ");
data/yabause-0.9.14/src/m68kd.c:60:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".b ");
data/yabause-0.9.14/src/m68kd.c:62:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".w ");
data/yabause-0.9.14/src/m68kd.c:64:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".l ");
data/yabause-0.9.14/src/m68kd.c:78:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "#0x%X", (unsigned int)(c68k_word_read(addr) & 0xFF));
data/yabause-0.9.14/src/m68kd.c:81:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "#0x%X", (unsigned int)c68k_word_read(addr));
data/yabause-0.9.14/src/m68kd.c:84:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "#0x%X", (unsigned int)((c68k_word_read(addr) << 16) | c68k_word_read(addr+2)));
data/yabause-0.9.14/src/m68kd.c:98:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "d%d", modereg & 0x7);
data/yabause-0.9.14/src/m68kd.c:101:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "a%d", modereg & 0x7);
data/yabause-0.9.14/src/m68kd.c:104:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "(a%d)", modereg & 0x7);
data/yabause-0.9.14/src/m68kd.c:107:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "(a%d)+", modereg & 0x7);
data/yabause-0.9.14/src/m68kd.c:110:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "-(a%d)", modereg & 0x7);
data/yabause-0.9.14/src/m68kd.c:114:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "0x%X(a%d)", (unsigned int)c68k_word_read(addr), modereg & 0x7);
data/yabause-0.9.14/src/m68kd.c:119:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "0x%X(a%d, Xn)", (unsigned int)(c68k_word_read(addr) & 0xFF), modereg & 0x7);
data/yabause-0.9.14/src/m68kd.c:126:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "(0x%X).w", (unsigned int)c68k_word_read(addr));
data/yabause-0.9.14/src/m68kd.c:130:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "(0x%X).l", (unsigned int)((c68k_word_read(addr) << 16) | c68k_word_read(addr+2)));
data/yabause-0.9.14/src/m68kd.c:134:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "#0x%X", (unsigned int)c68k_word_read(addr));
data/yabause-0.9.14/src/m68kd.c:138:23: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "0x%X(PC)", (unsigned int)c68k_word_read(addr));
data/yabause-0.9.14/src/m68kd.c:159:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "t ");
data/yabause-0.9.14/src/m68kd.c:162:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "f ");
data/yabause-0.9.14/src/m68kd.c:165:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "hi");
data/yabause-0.9.14/src/m68kd.c:168:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "ls");
data/yabause-0.9.14/src/m68kd.c:171:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "cc");
data/yabause-0.9.14/src/m68kd.c:174:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "cs");
data/yabause-0.9.14/src/m68kd.c:177:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "ne");
data/yabause-0.9.14/src/m68kd.c:180:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "eq");
data/yabause-0.9.14/src/m68kd.c:183:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "vc");
data/yabause-0.9.14/src/m68kd.c:186:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "vs");
data/yabause-0.9.14/src/m68kd.c:189:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "pl");
data/yabause-0.9.14/src/m68kd.c:192:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "mi");
data/yabause-0.9.14/src/m68kd.c:195:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "ge");
data/yabause-0.9.14/src/m68kd.c:198:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "lt");
data/yabause-0.9.14/src/m68kd.c:201:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "gt");
data/yabause-0.9.14/src/m68kd.c:204:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, "le");
data/yabause-0.9.14/src/m68kd.c:219:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".l %X", (unsigned int)(addr + ((c68k_word_read(addr) << 16) | c68k_word_read(addr+2))));
data/yabause-0.9.14/src/m68kd.c:225:14: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".w %X", (unsigned int)((s32)addr + (s32)(s16)c68k_word_read(addr)));
data/yabause-0.9.14/src/m68kd.c:229:11: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
return sprintf(outstring, ".s %X", (unsigned int)((s32)addr + (s32)(s8)(op & 0xFF)));
data/yabause-0.9.14/src/m68kd.c:238:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "abcd");
data/yabause-0.9.14/src/m68kd.c:249:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "add");
data/yabause-0.9.14/src/m68kd.c:251:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:256:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "d%d, ", (op >> 9) & 7);
data/yabause-0.9.14/src/m68kd.c:263:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, ", d%d", (op >> 9) & 7);
data/yabause-0.9.14/src/m68kd.c:275:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "adda");
data/yabause-0.9.14/src/m68kd.c:277:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ".w ");
data/yabause-0.9.14/src/m68kd.c:279:20: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ".l ");
data/yabause-0.9.14/src/m68kd.c:281:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", a%d", (op >> 9) & 0x7);
data/yabause-0.9.14/src/m68kd.c:291:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "addi");
data/yabause-0.9.14/src/m68kd.c:294:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:305:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "addq");
data/yabause-0.9.14/src/m68kd.c:308:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "#%d, ", (op >> 9) & 7); // fix me
data/yabause-0.9.14/src/m68kd.c:319:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "addx");
data/yabause-0.9.14/src/m68kd.c:330:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "and");
data/yabause-0.9.14/src/m68kd.c:341:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "andi");
data/yabause-0.9.14/src/m68kd.c:345:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:356:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "andi to CCR");
data/yabause-0.9.14/src/m68kd.c:367:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "asl");
data/yabause-0.9.14/src/m68kd.c:378:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "asr");
data/yabause-0.9.14/src/m68kd.c:401:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bkpt");
data/yabause-0.9.14/src/m68kd.c:412:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bra");
data/yabause-0.9.14/src/m68kd.c:423:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bchg");
data/yabause-0.9.14/src/m68kd.c:434:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bclr");
data/yabause-0.9.14/src/m68kd.c:445:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bclr ");
data/yabause-0.9.14/src/m68kd.c:447:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:458:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bset");
data/yabause-0.9.14/src/m68kd.c:469:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bset ");
data/yabause-0.9.14/src/m68kd.c:471:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:482:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "btst");
data/yabause-0.9.14/src/m68kd.c:493:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "btst ");
data/yabause-0.9.14/src/m68kd.c:495:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:506:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "bsr");
data/yabause-0.9.14/src/m68kd.c:517:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "chk");
data/yabause-0.9.14/src/m68kd.c:528:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "clr");
data/yabause-0.9.14/src/m68kd.c:530:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:539:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "db");
data/yabause-0.9.14/src/m68kd.c:541:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:542:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, " d%d, %X", op & 0x7, (unsigned int)((s32)addr+2+(s32)(s16)c68k_word_read(addr+2)));
data/yabause-0.9.14/src/m68kd.c:551:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "cmp.b ");
data/yabause-0.9.14/src/m68kd.c:553:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", d%d", (op >> 9) & 0x7);
data/yabause-0.9.14/src/m68kd.c:562:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "cmp.w ");
data/yabause-0.9.14/src/m68kd.c:564:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", d%d", (op >> 9) & 0x7);
data/yabause-0.9.14/src/m68kd.c:573:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "cmp.l ");
data/yabause-0.9.14/src/m68kd.c:575:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", d%d", (op >> 9) & 0x7);
data/yabause-0.9.14/src/m68kd.c:585:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "cmpa.w");
data/yabause-0.9.14/src/m68kd.c:596:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "cmpa.l");
data/yabause-0.9.14/src/m68kd.c:607:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "cmpi");
data/yabause-0.9.14/src/m68kd.c:611:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:622:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "divs.w");
data/yabause-0.9.14/src/m68kd.c:633:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "divu.w");
data/yabause-0.9.14/src/m68kd.c:644:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "cmpm");
data/yabause-0.9.14/src/m68kd.c:655:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "eor.b");
data/yabause-0.9.14/src/m68kd.c:666:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "eor.w");
data/yabause-0.9.14/src/m68kd.c:677:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "eor.l");
data/yabause-0.9.14/src/m68kd.c:688:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "eori");
data/yabause-0.9.14/src/m68kd.c:698:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "eori to ccr");
data/yabause-0.9.14/src/m68kd.c:709:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "exg");
data/yabause-0.9.14/src/m68kd.c:720:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "ext");
data/yabause-0.9.14/src/m68kd.c:729:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "illegal");
data/yabause-0.9.14/src/m68kd.c:738:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "jmp ");
data/yabause-0.9.14/src/m68kd.c:748:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "jsr ");
data/yabause-0.9.14/src/m68kd.c:759:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "lea ");
data/yabause-0.9.14/src/m68kd.c:761:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", a%d", (op >> 9) & 0x7);
data/yabause-0.9.14/src/m68kd.c:770:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "link");
data/yabause-0.9.14/src/m68kd.c:780:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "lsl");
data/yabause-0.9.14/src/m68kd.c:791:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "lsr");
data/yabause-0.9.14/src/m68kd.c:803:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "move");
data/yabause-0.9.14/src/m68kd.c:807:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:818:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "movea");
data/yabause-0.9.14/src/m68kd.c:821:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", a%d", (op >> 9) & 0x7);
data/yabause-0.9.14/src/m68kd.c:831:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "move to ccr");
data/yabause-0.9.14/src/m68kd.c:842:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "move from sr");
data/yabause-0.9.14/src/m68kd.c:853:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "move ");
data/yabause-0.9.14/src/m68kd.c:855:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, ", sr");
data/yabause-0.9.14/src/m68kd.c:863:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "movem");
data/yabause-0.9.14/src/m68kd.c:874:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "movep");
data/yabause-0.9.14/src/m68kd.c:885:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "moveq #0x%X, d%d", op & 0xFF, (op >> 9) & 0x7);
data/yabause-0.9.14/src/m68kd.c:895:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "muls");
data/yabause-0.9.14/src/m68kd.c:906:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "mulu");
data/yabause-0.9.14/src/m68kd.c:917:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "nbcd");
data/yabause-0.9.14/src/m68kd.c:928:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "neg");
data/yabause-0.9.14/src/m68kd.c:930:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:941:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "negx");
data/yabause-0.9.14/src/m68kd.c:950:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "nop");
data/yabause-0.9.14/src/m68kd.c:960:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "not");
data/yabause-0.9.14/src/m68kd.c:971:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "ori to CCR");
data/yabause-0.9.14/src/m68kd.c:982:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "ori");
data/yabause-0.9.14/src/m68kd.c:993:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "ori to CCR");
data/yabause-0.9.14/src/m68kd.c:1004:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "pea");
data/yabause-0.9.14/src/m68kd.c:1015:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "rol");
data/yabause-0.9.14/src/m68kd.c:1026:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "ror");
data/yabause-0.9.14/src/m68kd.c:1037:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "roxl");
data/yabause-0.9.14/src/m68kd.c:1048:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "roxr");
data/yabause-0.9.14/src/m68kd.c:1057:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "rtr");
data/yabause-0.9.14/src/m68kd.c:1065:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "rts");
data/yabause-0.9.14/src/m68kd.c:1075:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "sbcd");
data/yabause-0.9.14/src/m68kd.c:1086:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "scc");
data/yabause-0.9.14/src/m68kd.c:1097:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "sub");
data/yabause-0.9.14/src/m68kd.c:1108:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "suba");
data/yabause-0.9.14/src/m68kd.c:1119:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "subi");
data/yabause-0.9.14/src/m68kd.c:1123:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, ", ");
data/yabause-0.9.14/src/m68kd.c:1134:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "subq");
data/yabause-0.9.14/src/m68kd.c:1136:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, " #%d, ", (op >> 9) & 7); // fix me
data/yabause-0.9.14/src/m68kd.c:1147:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "subx");
data/yabause-0.9.14/src/m68kd.c:1156:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "swap d%d", op & 0x7);
data/yabause-0.9.14/src/m68kd.c:1166:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "tas");
data/yabause-0.9.14/src/m68kd.c:1177:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "trap");
data/yabause-0.9.14/src/m68kd.c:1186:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "trapv");
data/yabause-0.9.14/src/m68kd.c:1196:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "tst");
data/yabause-0.9.14/src/m68kd.c:1206:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "unlk");
data/yabause-0.9.14/src/m68kd.c:1314:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
outstring += sprintf(outstring, "%05X: ", (unsigned int)addr);
data/yabause-0.9.14/src/m68kd.c:1327:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "unknown");
data/yabause-0.9.14/src/macjoy.c:410:23: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if((*joy->iface)->open(joy->iface, 0)) {
data/yabause-0.9.14/src/macjoy.c:423:14: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(!joy->open) {
data/yabause-0.9.14/src/macjoy.h:51:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int open;
data/yabause-0.9.14/src/macjoy.h:60:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/yabause-0.9.14/src/memory.c:850:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "rb")) == NULL)
data/yabause-0.9.14/src/memory.c:886:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/memory.c:1021:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/memory.c:1126:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[3];
data/yabause-0.9.14/src/memory.c:1144:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "rb")) == NULL)
data/yabause-0.9.14/src/memory.c:1361:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/yabause-0.9.14/src/memory.c:1378:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[512];
data/yabause-0.9.14/src/memory.h:204:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "rb")) == NULL)
data/yabause-0.9.14/src/memory.h:308:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/movie.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char MovieStatus[40];
data/yabause-0.9.14/src/movie.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[40];
data/yabause-0.9.14/src/movie.c:94:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char InputDisplayString[40];
data/yabause-0.9.14/src/movie.c:173:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Playback Stopped");
data/yabause-0.9.14/src/movie.c:182:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Recording Stopped");
data/yabause-0.9.14/src/movie.c:189:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Playback Stopped");
data/yabause-0.9.14/src/movie.c:211:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Recording Resumed");
data/yabause-0.9.14/src/movie.c:286:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Recording Stopped");
data/yabause-0.9.14/src/movie.c:294:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Playback Stopped");
data/yabause-0.9.14/src/movie.c:307:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((Movie.fp = fopen(filename, "w+b")) == NULL)
data/yabause-0.9.14/src/movie.c:318:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Recording Started");
data/yabause-0.9.14/src/movie.c:335:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((Movie.fp = fopen(filename, "r+b")) == NULL)
data/yabause-0.9.14/src/movie.c:348:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(MovieStatus, "Playback Started");
data/yabause-0.9.14/src/movie.c:449:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tempbuffertest=fopen("rmiab.txt", "wb");
data/yabause-0.9.14/src/movie.h:83:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char MovieStatus[40];
data/yabause-0.9.14/src/movie.h:84:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char InputDisplayString[40];
data/yabause-0.9.14/src/netlink.c:404:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstring[45];
data/yabause-0.9.14/src/netlink.c:424:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char number[45];
data/yabause-0.9.14/src/netlink.c:662:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(NetlinkArea->ipstring, "127.0.0.1");
data/yabause-0.9.14/src/netlink.c:663:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(NetlinkArea->portstring, "31337");
data/yabause-0.9.14/src/netlink.c:672:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(NetlinkArea->portstring, "1337");
data/yabause-0.9.14/src/netlink.c:676:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(NetlinkArea->ipstring, setting, (int)(p - setting));
data/yabause-0.9.14/src/netlink.c:679:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(NetlinkArea->portstring, "1337");
data/yabause-0.9.14/src/netlink.c:929:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
if (ret = NetworkRestartListener(atoi(port)) != 0)
data/yabause-0.9.14/src/netlink.c:985:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
connect->port = atoi(port);
data/yabause-0.9.14/src/netlink.h:89:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ipstring[16];
data/yabause-0.9.14/src/netlink.h:90:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char portstring[6];
data/yabause-0.9.14/src/netlink.h:99:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ip[16];
data/yabause-0.9.14/src/osdcore.c:116:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/yabause-0.9.14/src/perdx.c:297:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[512];
data/yabause-0.9.14/src/peripheral.h:136:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * PerPadNames[14];
data/yabause-0.9.14/src/peripheral.h:201:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern const char * PerMouseNames[5];
data/yabause-0.9.14/src/perlinuxjoy.c:54:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hJOY = open("/dev/input/js0", O_RDONLY | O_NONBLOCK);
data/yabause-0.9.14/src/perlinuxjoy.c:125:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "%x", (int)key);
data/yabause-0.9.14/src/persdljoy.c:352:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(name, "%x", (int)key);
data/yabause-0.9.14/src/profile.h:32:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_name [MAX_TAG_LEN] ;
data/yabause-0.9.14/src/q68/q68-disasm.c:390:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char outbuf[1000];
data/yabause-0.9.14/src/q68/q68-disasm.c:434:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tagbuf[100];
data/yabause-0.9.14/src/q68/q68-disasm.c:441:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tagbuf, &format[inpos+1], end - (inpos+1));
data/yabause-0.9.14/src/q68/q68-disasm.c:594:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listbuf[3*16]; // Buffer for generating register list
data/yabause-0.9.14/src/q68/q68-disasm.c:736:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen("q68.log", "w");
data/yabause-0.9.14/src/q68/q68-disasm.c:773:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&buf1[24], disassembled, dislen);
data/yabause-0.9.14/src/q68/q68-disasm.c:793:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char hexbuf[100];
data/yabause-0.9.14/src/q68/q68-jit-psp.h:111:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)entry->native_code + entry->native_length, \
data/yabause-0.9.14/src/q68/q68-jit-x86.h:111:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)entry->native_code + entry->native_length, \
data/yabause-0.9.14/src/q68/q68-jit-x86.h:135:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((uint8_t *)entry->native_code + entry->native_length, \
data/yabause-0.9.14/src/qt/mkspecs/win32-osx-g++/qplatformdefs.h:133:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define QT_FOPEN ::fopen
data/yabause-0.9.14/src/qt/mkspecs/win32-x11-g++/qplatformdefs.h:133:35: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define QT_FOPEN ::fopen
data/yabause-0.9.14/src/qt/ui/UIDebugSCSP.cpp:39:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[2048];
data/yabause-0.9.14/src/qt/ui/UIDebugSCSP.cpp:55:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[2048];
data/yabause-0.9.14/src/qt/ui/UIDebugSH2.cpp:379:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char errorMsg[512];
data/yabause-0.9.14/src/qt/ui/UIDebugVDP1.cpp:66:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[1024];
data/yabause-0.9.14/src/qt/ui/UIDebugVDP2.cpp:46:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[2048];
data/yabause-0.9.14/src/qt/ui/UIDisasm.cpp:109:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[256];
data/yabause-0.9.14/src/qt/ui/UIDisasm.cpp:139:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[256];
data/yabause-0.9.14/src/qt/ui/UIHexEditor.cpp:172:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[2] = { ch, '\0' };
data/yabause-0.9.14/src/qt/ui/UIHexEditor.cpp:972:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *fp=fopen(filename.toLatin1(), "wb");
data/yabause-0.9.14/src/qt/ui/UIHexInput.cpp:24:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char format[5];
data/yabause-0.9.14/src/qt/ui/UIHexInput.cpp:31:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(format, "%%0%dX", size * 2);
data/yabause-0.9.14/src/qt/ui/UISettings.cpp:168:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE * f = fopen("/proc/sys/dev/cdrom/info", "r");
data/yabause-0.9.14/src/qt/ui/UISettings.cpp:169:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/yabause-0.9.14/src/qt/ui/UISettings.cpp:170:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive_name[10];
data/yabause-0.9.14/src/qt/ui/UISettings.cpp:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char drive_path[255];
data/yabause-0.9.14/src/scsp.c:3483:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cddabuf.data+cdda_next_in, sector, 2352);
data/yabause-0.9.14/src/scsp.c:4308:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (filename, "wb")) == NULL)
data/yabause-0.9.14/src/scsp.c:4376:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/yabause-0.9.14/src/scsp.c:4383:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rifftype[4];
data/yabause-0.9.14/src/scsp.c:4416:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen (filename, "wb")) == NULL)
data/yabause-0.9.14/src/scsp.c:4420:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (waveheader.riff.id, "RIFF", 4);
data/yabause-0.9.14/src/scsp.c:4422:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (waveheader.rifftype, "WAVE", 4);
data/yabause-0.9.14/src/scsp.c:4426:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (fmt.chunk.id, "fmt ", 4);
data/yabause-0.9.14/src/scsp.c:4437:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (data.id, "data", 4);
data/yabause-0.9.14/src/scsp.c:4441:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (&slot, &scsp.slot[slotnum], sizeof(slot_t));
data/yabause-0.9.14/src/scsp2.c:1665:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cdda_buf.sectors[next_in], sector, 2352);
data/yabause-0.9.14/src/scsp2.c:2234:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/scsp2.c:2262:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/yabause-0.9.14/src/scsp2.c:2268:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rifftype[4];
data/yabause-0.9.14/src/scsp2.c:2295:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/scsp2.c:2299:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(waveheader.riff.id, "RIFF", 4);
data/yabause-0.9.14/src/scsp2.c:2301:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(waveheader.rifftype, "WAVE", 4);
data/yabause-0.9.14/src/scsp2.c:2305:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fmt.chunk.id, "fmt ", 4);
data/yabause-0.9.14/src/scsp2.c:2316:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.id, "data", 4);
data/yabause-0.9.14/src/scu.c:282:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_ptr, source_ptr, TransferSize);
data/yabause-0.9.14/src/scu.c:293:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_ptr, source_ptr, TransferSize);
data/yabause-0.9.14/src/scu.c:298:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest_ptr, source_ptr, TransferSize);
data/yabause-0.9.14/src/scu.c:1413:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "%02X: ", addr);
data/yabause-0.9.14/src/scu.c:1418:7: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "NOP");
data/yabause-0.9.14/src/scu.c:1428:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "AND");
data/yabause-0.9.14/src/scu.c:1433:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "OR");
data/yabause-0.9.14/src/scu.c:1438:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "XOR");
data/yabause-0.9.14/src/scu.c:1443:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "ADD");
data/yabause-0.9.14/src/scu.c:1448:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "SUB");
data/yabause-0.9.14/src/scu.c:1453:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "AD2");
data/yabause-0.9.14/src/scu.c:1458:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "SR");
data/yabause-0.9.14/src/scu.c:1463:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "RR");
data/yabause-0.9.14/src/scu.c:1468:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "SL");
data/yabause-0.9.14/src/scu.c:1473:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "RL");
data/yabause-0.9.14/src/scu.c:1478:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "RL8");
data/yabause-0.9.14/src/scu.c:1507:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "MOV MUL, P");
data/yabause-0.9.14/src/scu.c:1540:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "CLR A");
data/yabause-0.9.14/src/scu.c:1545:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "MOV ALU, A");
data/yabause-0.9.14/src/scu.c:1667:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "DMA");
data/yabause-0.9.14/src/scu.c:1677:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "%d ", addressAdd);
data/yabause-0.9.14/src/scu.c:1702:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP $%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1705:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP NZ,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1708:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP NS,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1711:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP NZS,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1714:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP NC,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1717:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP NT0,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1720:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP Z,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1723:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP S,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1726:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP ZS,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1729:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP C,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1732:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "JMP T0,$%02X", (unsigned int)instruction & 0xFF);
data/yabause-0.9.14/src/scu.c:1735:22: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "Unknown JMP");
data/yabause-0.9.14/src/scu.c:1741:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "LPS");
data/yabause-0.9.14/src/scu.c:1743:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "BTM");
data/yabause-0.9.14/src/scu.c:1748:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "ENDI");
data/yabause-0.9.14/src/scu.c:1750:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "END");
data/yabause-0.9.14/src/scu.c:1757:10: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(outstring, "Invalid opcode");
data/yabause-0.9.14/src/scu.c:1779:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/scu.c:1813:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fp = fopen(filename, "wb")) == NULL)
data/yabause-0.9.14/src/scu.c:1841:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs->ProgramRam, ScuDsp->ProgramRam, sizeof(u32) * 256);
data/yabause-0.9.14/src/scu.c:1842:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs->MD, ScuDsp->MD, sizeof(u32) * 64 * 4);
data/yabause-0.9.14/src/scu.c:1852:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs->CT, ScuDsp->CT, sizeof(u8) * 4);
data/yabause-0.9.14/src/scu.c:1869:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ScuDsp->ProgramRam, regs->ProgramRam, sizeof(u32) * 256);
data/yabause-0.9.14/src/scu.c:1870:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ScuDsp->MD, regs->MD, sizeof(u32) * 64 * 4);
data/yabause-0.9.14/src/scu.c:1880:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ScuDsp->CT, regs->CT, sizeof(u8) * 4);
data/yabause-0.9.14/src/scu.c:2265:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ScuRegs->interrupts[i2], &ScuRegs->interrupts[i2+1], sizeof(scuinterrupt_struct));
data/yabause-0.9.14/src/scu.c:2300:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, &ScuRegs->interrupts[i], sizeof(scuinterrupt_struct));
data/yabause-0.9.14/src/scu.c:2301:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ScuRegs->interrupts[i], &ScuRegs->interrupts[i2], sizeof(scuinterrupt_struct));
data/yabause-0.9.14/src/scu.c:2302:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ScuRegs->interrupts[i2], &tmp, sizeof(scuinterrupt_struct));
data/yabause-0.9.14/src/sh2_dynarec/assem_arm.c:359:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hsn[MAXREG+1];
data/yabause-0.9.14/src/sh2_dynarec/assem_arm.c:483:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hsn[MAXREG+1];
data/yabause-0.9.14/src/sh2_dynarec/assem_arm.c:580:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regname[16][4] = {
data/yabause-0.9.14/src/sh2_dynarec/assem_x64.c:286:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hsn[MAXREG+1];
data/yabause-0.9.14/src/sh2_dynarec/assem_x64.c:410:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hsn[MAXREG+1];
data/yabause-0.9.14/src/sh2_dynarec/assem_x64.c:504:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regname[16][4] = {
data/yabause-0.9.14/src/sh2_dynarec/assem_x86.c:251:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hsn[MAXREG+1];
data/yabause-0.9.14/src/sh2_dynarec/assem_x86.c:375:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char hsn[MAXREG+1];
data/yabause-0.9.14/src/sh2_dynarec/assem_x86.c:469:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char regname[8][4] = {
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:51:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char regmap_entry[HOST_REGS];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:52:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char regmap[HOST_REGS];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:75:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char insn[MAXBLOCK][10];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:76:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char itype[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:77:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opcode[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:78:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opcode2[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:79:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char opcode3[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:80:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char addrmode[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:81:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bt[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:82:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char rs1[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:83:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char rs2[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:84:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char rs3[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:85:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char rt1[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:86:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char rt2[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:87:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char us1[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:88:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char us2[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:89:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dep1[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:90:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char dep2[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:91:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char lt1[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:94:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char is_ds[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:95:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ooo[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:98:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char regmap_pre[MAXBLOCK][HOST_REGS];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:102:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char minimum_free_regs[MAXBLOCK];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:123:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
ALIGNED(16) char shadow[2097152];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:128:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cached_code[0x20000];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:129:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cached_code_words[2048*128];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5402:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(insn[i],"???"); type=NI;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5410:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"STC"); type=MOV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5414:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"BSRF"); type=RJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5415:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"BRAF"); type=RJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5418:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x04: strcpy(insn[i],"MOV.B"); type=STORE;mode=DUALIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5419:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x05: strcpy(insn[i],"MOV.W"); type=STORE;mode=DUALIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5420:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x06: strcpy(insn[i],"MOV.L"); type=STORE;mode=DUALIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5421:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x07: strcpy(insn[i],"MUL.L"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5425:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"CLRT"); type=FLAGS; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5426:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"SETT"); type=FLAGS; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5427:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"CLRMAC"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5433:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"NOP"); type=NOP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5434:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"DIV0U"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5435:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"MOVT"); type=FLAGS; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5438:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0A: strcpy(insn[i],"STS"); type=MOV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5442:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"RTS"); type=RJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5443:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"SLEEP"); type=SYSTEM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5444:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"RTE"); type=RJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5447:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0C: strcpy(insn[i],"MOV.B"); type=LOAD;mode=DUALIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5448:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0D: strcpy(insn[i],"MOV.W"); type=LOAD;mode=DUALIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5449:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0E: strcpy(insn[i],"MOV.L"); type=LOAD;mode=DUALIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5450:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0F: strcpy(insn[i],"MAC.L"); type=COMPLEX; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5453:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"MOV.L"); type=STORE;mode=REGDISP;op2=2; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5458:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"MOV.B"); type=STORE;mode=REGIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5459:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"MOV.W"); type=STORE;mode=REGIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5460:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"MOV.L"); type=STORE;mode=REGIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5461:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x04: strcpy(insn[i],"MOV.B"); type=STORE;mode=PREDEC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5462:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x05: strcpy(insn[i],"MOV.W"); type=STORE;mode=PREDEC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5463:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x06: strcpy(insn[i],"MOV.L"); type=STORE;mode=PREDEC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5464:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x07: strcpy(insn[i],"DIV0S"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5465:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x08: strcpy(insn[i],"TST"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5466:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x09: strcpy(insn[i],"AND"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5467:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0A: strcpy(insn[i],"XOR"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5468:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0B: strcpy(insn[i],"OR"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5469:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0C: strcpy(insn[i],"CMP/ST"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5470:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0D: strcpy(insn[i],"XTRCT"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5471:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0E: strcpy(insn[i],"MULU.W"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5472:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0F: strcpy(insn[i],"MULS.W"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5479:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"CMP/EQ"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5480:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"CMP/HS"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5481:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x03: strcpy(insn[i],"CMP/GE"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5482:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x04: strcpy(insn[i],"DIV1"); type=COMPLEX; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5483:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x05: strcpy(insn[i],"DMULU.L"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5484:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x06: strcpy(insn[i],"CMP/HI"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5485:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x07: strcpy(insn[i],"CMP/GT"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5486:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x08: strcpy(insn[i],"SUB"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5487:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0A: strcpy(insn[i],"SUBC"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5488:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0B: strcpy(insn[i],"SUBV"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5489:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0C: strcpy(insn[i],"ADD"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5490:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0D: strcpy(insn[i],"DMULS.L"); type=MULTDIV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5491:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0E: strcpy(insn[i],"ADDC"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5492:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0F: strcpy(insn[i],"ADDV"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5503:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"SHLL"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5504:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"DT"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5505:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"SHAL"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5511:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"SHLR"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5512:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"CMP/PZ"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5513:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"SHAR"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5516:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"STS.L"); type=STORE;mode=PREDEC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5517:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x03: strcpy(insn[i],"STC.L"); type=STORE;mode=PREDEC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5521:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"ROTL"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5522:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"ROTCL"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5528:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"ROTR"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5529:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"CMP/PL"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5530:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"ROTCR"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5533:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x06: strcpy(insn[i],"LDS.L"); type=LOAD;mode=POSTINC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5534:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x07: strcpy(insn[i],"LDC.L"); type=LOAD;mode=POSTINC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5538:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"SHLL2"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5539:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"SHLL8"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5540:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"SHLL16"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5546:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"SHLR2"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5547:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"SHLR8"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5548:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"SHLR16"); type=SHIFTIMM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5551:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0A: strcpy(insn[i],"LDS"); type=MOV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5555:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"JSR"); type=RJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5556:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"TAS.B"); type=RMW;mode=REGIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5557:26: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"JMP"); type=RJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5560:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0E: strcpy(insn[i],"LDC"); type=MOV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5561:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0F: strcpy(insn[i],"MAC.W"); type=COMPLEX; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5564:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x05: strcpy(insn[i],"MOV.L"); type=LOAD;mode=REGDISP;op2=2; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5569:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"MOV.B"); type=LOAD;mode=REGIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5570:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"MOV.W"); type=LOAD;mode=REGIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5571:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"MOV.L"); type=LOAD;mode=REGIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5572:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x03: strcpy(insn[i],"MOV"); type=MOV; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5573:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x04: strcpy(insn[i],"MOV.B"); type=LOAD;mode=POSTINC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5574:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x05: strcpy(insn[i],"MOV.W"); type=LOAD;mode=POSTINC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5575:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x06: strcpy(insn[i],"MOV.L"); type=LOAD;mode=POSTINC; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5576:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x07: strcpy(insn[i],"NOT"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5577:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x08: strcpy(insn[i],"SWAP.B"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5578:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x09: strcpy(insn[i],"SWAP.W"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5579:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0A: strcpy(insn[i],"NEGC"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5580:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0B: strcpy(insn[i],"NEG"); type=ALU; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5581:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0C: strcpy(insn[i],"EXTU.B"); type=EXT; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5582:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0D: strcpy(insn[i],"EXTU.W"); type=EXT; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5583:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0E: strcpy(insn[i],"EXTS.B"); type=EXT; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5584:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0F: strcpy(insn[i],"EXTS.W"); type=EXT; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5587:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x07: strcpy(insn[i],"ADD"); type=IMM8; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5592:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"MOV.B"); type=STORE;mode=REGDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5593:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"MOV.W"); type=STORE;mode=REGDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5594:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x04: strcpy(insn[i],"MOV.B"); type=LOAD;mode=REGDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5595:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x05: strcpy(insn[i],"MOV.W"); type=LOAD;mode=REGDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5596:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x08: strcpy(insn[i],"CMP/EQ"); type=IMM8; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5597:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x09: strcpy(insn[i],"BT"); type=CJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5598:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0B: strcpy(insn[i],"BF"); type=CJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5599:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0D: strcpy(insn[i],"BT/S"); type=SJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5600:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0F: strcpy(insn[i],"BF/S"); type=SJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5603:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x09: strcpy(insn[i],"MOV.W"); type=PCREL; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5604:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0A: strcpy(insn[i],"BRA"); type=UJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5605:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0B: strcpy(insn[i],"BSR"); type=UJUMP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5610:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x00: strcpy(insn[i],"MOV.B"); type=STORE;mode=GBRDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5611:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x01: strcpy(insn[i],"MOV.W"); type=STORE;mode=GBRDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5612:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x02: strcpy(insn[i],"MOV.L"); type=STORE;mode=GBRDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5613:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x03: strcpy(insn[i],"TRAPA"); type=SYSTEM; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5614:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x04: strcpy(insn[i],"MOV.B"); type=LOAD;mode=GBRDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5615:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x05: strcpy(insn[i],"MOV.W"); type=LOAD;mode=GBRDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5616:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x06: strcpy(insn[i],"MOV.L"); type=LOAD;mode=GBRDISP; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5617:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x07: strcpy(insn[i],"MOVA"); type=PCREL; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5618:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x08: strcpy(insn[i],"TST"); type=IMM8; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5619:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x09: strcpy(insn[i],"AND"); type=IMM8; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5620:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0A: strcpy(insn[i],"XOR"); type=IMM8; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5621:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0B: strcpy(insn[i],"OR"); type=IMM8; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5622:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0C: strcpy(insn[i],"TST.B"); type=LOAD;mode=GBRIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5623:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0D: strcpy(insn[i],"AND.B"); type=RMW;mode=GBRIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5624:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0E: strcpy(insn[i],"XOR.B"); type=RMW;mode=GBRIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5625:22: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0F: strcpy(insn[i],"OR.B"); type=RMW;mode=GBRIND; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5628:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0D: strcpy(insn[i],"MOV.L"); type=PCREL; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5629:18: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
case 0x0E: strcpy(insn[i],"MOV"); type=IMM8; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:5630:16: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
default: strcpy(insn[i],"???"); type=NI; break;
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6087:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(insn[i],"(BIOS)");
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6166:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs[i].constmap,p_constmap,sizeof(u32)*SH2_REGS);
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6191:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regmap_pre[i],current.regmap,sizeof(current.regmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6244:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&temp,¤t,sizeof(current));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6248:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs[i].regmap,temp.regmap,sizeof(temp.regmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6489:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs[i].regmap,current.regmap,sizeof(current.regmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6497:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&branch_regs[i-1],¤t,sizeof(current));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6508:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&branch_regs[i-1].regmap_entry,&branch_regs[i-1].regmap,sizeof(current.regmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6509:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpmap[i],cpmap[i-1],sizeof(current.cpmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6512:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&branch_regs[i-1],¤t,sizeof(current));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6538:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&branch_regs[i-1].regmap_entry,&branch_regs[i-1].regmap,sizeof(current.regmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6539:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpmap[i],cpmap[i-1],sizeof(current.cpmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6557:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&branch_regs[i-1],¤t,sizeof(current));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6561:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&branch_regs[i-1].regmap_entry,¤t.regmap,sizeof(current.regmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6562:11: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpmap[i],cpmap[i-1],sizeof(current.cpmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6637:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(cpmap[i],current.cpmap,sizeof(current.cpmap));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:6925:10: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char f_regmap[HOST_REGS];
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:8079:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(copy,alignedsource,alignedlen);
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:8356:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(regs->R), master_reg, 16*sizeof(int));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:8358:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&(regs->R), slave_reg, 16*sizeof(int));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:8371:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(master_reg, &(regs->R), 16*sizeof(int));
data/yabause-0.9.14/src/sh2_dynarec/sh2_dynarec.c:8373:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(slave_reg, &(regs->R), 16*sizeof(int));
data/yabause-0.9.14/src/sh2core.c:804:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&tmp, context->bp.memorybreakpoint+i, sizeof(memorybreakpoint_struct));
data/yabause-0.9.14/src/sh2core.c:805:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->bp.memorybreakpoint+i, context->bp.memorybreakpoint+i2, sizeof(memorybreakpoint_struct));
data/yabause-0.9.14/src/sh2core.c:806:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->bp.memorybreakpoint+i2, &tmp, sizeof(memorybreakpoint_struct));
data/yabause-0.9.14/src/sh2d.c:196:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"0x%08X: ", (unsigned int)v_addr);
data/yabause-0.9.14/src/sh2d.c:204:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"unrecognized");
data/yabause-0.9.14/src/sh2d.c:244:19: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string," ; 0x%08X",
data/yabause-0.9.14/src/sh2d.c:272:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string," ; 0x%08X", (op & 0xff) * tab[i].dat + 4 + (unsigned int)v_addr);
data/yabause-0.9.14/src/sh2d.c:279:16: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string," ; 0x%08X",
data/yabause-0.9.14/src/sh2d.c:289:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"unrecognized");
data/yabause-0.9.14/src/sh2d.c:294:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string,"unrecognized");
data/yabause-0.9.14/src/sh2iasm.c:967:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s1[30],s2[30];
data/yabause-0.9.14/src/sh2iasm.c:1059:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[30];
data/yabause-0.9.14/src/sh2iasm.c:1060:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg1[30];
data/yabause-0.9.14/src/sh2iasm.c:1061:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char arg2[30];
data/yabause-0.9.14/src/sh2idle.c:575:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lineBuf[64];
data/yabause-0.9.14/src/sh2int.c:2902:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(regs, &context->regs, sizeof(sh2regs_struct));
data/yabause-0.9.14/src/sh2int.c:2965:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&context->regs, regs, sizeof(sh2regs_struct));
data/yabause-0.9.14/src/sh2int.c:3065:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(interrupts, context->interrupts, sizeof(interrupt_struct) * MAX_INTERRUPTS);
data/yabause-0.9.14/src/sh2int.c:3074:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(context->interrupts, interrupts, sizeof(interrupt_struct) * MAX_INTERRUPTS);
data/yabause-0.9.14/src/sh2trace.c:200:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[100];
data/yabause-0.9.14/src/sh2trace.c:209:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmdbuf[100];
data/yabause-0.9.14/src/sh2trace.c:213:23: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
logfile = fopen(filename, "w");
data/yabause-0.9.14/src/smpc.c:372:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&SmpcInternalVars->port1, port1, sizeof(PortData_struct));
data/yabause-0.9.14/src/smpc.c:373:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&SmpcInternalVars->port2, port2, sizeof(PortData_struct));
data/yabause-0.9.14/src/smpc.c:386:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SmpcRegs->OREG, SmpcInternalVars->port1.data+SmpcInternalVars->port1.offset, SmpcInternalVars->port1.size-SmpcInternalVars->port1.offset);
data/yabause-0.9.14/src/smpc.c:392:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SmpcRegs->OREG, SmpcInternalVars->port1.data, 32);
data/yabause-0.9.14/src/smpc.c:402:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SmpcRegs->OREG + oregoffset, SmpcInternalVars->port2.data+SmpcInternalVars->port2.offset, SmpcInternalVars->port2.size-SmpcInternalVars->port2.offset);
data/yabause-0.9.14/src/smpc.c:407:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SmpcRegs->OREG + oregoffset, SmpcInternalVars->port2.data, 32 - oregoffset);
data/yabause-0.9.14/src/snddx.c:77:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempstr[512];
data/yabause-0.9.14/src/snddx.c:243:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer1, stereodata16, buffer1_size);
data/yabause-0.9.14/src/snddx.c:245:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer2, ((u8 *)stereodata16)+buffer1_size, buffer2_size);
data/yabause-0.9.14/src/sndmac.c:70:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char buffer[BUFFER_LEN];
data/yabause-0.9.14/src/sndmac.c:91:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, buffer + read_pos, len);
data/yabause-0.9.14/src/sndwav.c:56:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char id[4];
data/yabause-0.9.14/src/sndwav.c:62:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rifftype[4];
data/yabause-0.9.14/src/sndwav.c:87:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((wavefp = fopen(wavefilename, "wb")) == NULL)
data/yabause-0.9.14/src/sndwav.c:92:21: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((wavefp = fopen("scsp.wav", "wb")) == NULL)
data/yabause-0.9.14/src/sndwav.c:97:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(waveheader.riff.id, "RIFF", 4);
data/yabause-0.9.14/src/sndwav.c:99:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(waveheader.rifftype, "WAVE", 4);
data/yabause-0.9.14/src/sndwav.c:103:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fmt.chunk.id, "fmt ", 4);
data/yabause-0.9.14/src/sndwav.c:114:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data.id, "data", 4);
data/yabause-0.9.14/src/sock-linux.c:49:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[256];
data/yabause-0.9.14/src/sock-linux.c:57:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port_str, "%d", port);
data/yabause-0.9.14/src/sock-windows.c:60:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char port_str[256];
data/yabause-0.9.14/src/sock-windows.c:68:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(port_str, "%d", port);
data/yabause-0.9.14/src/tools/cdtest.c:166:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char syncheader[12] = { 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
data/yabause-0.9.14/src/vdp2.c:288:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(Vdp2Lines + yabsys.LineCount, Vdp2Regs, sizeof(Vdp2));
data/yabause-0.9.14/src/vidogl.c:3046:20: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char lineColors[512 * 3];
data/yabause-0.9.14/src/ygl.c:165:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d,s_msg_no_opengl2,b);
data/yabause-0.9.14/src/yglshader.c:550:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tmp,level->prg,sizeof(YglProgram)*(level->prgcount-1));
data/yabause-0.9.14/src/android/jni/miniegl.h:42:73: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
EGLBoolean (*eglMakeCurrent)(EGLDisplay dpy, EGLSurface draw,EGLSurface read, EGLContext ctx);
data/yabause-0.9.14/src/cd-freebsd.c:155:3: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(hCDROM, buffer, 2352);
data/yabause-0.9.14/src/cd-macosx.c:90:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cdrom_name, "r");
data/yabause-0.9.14/src/cd-macosx.c:91:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(cdrom_name);
data/yabause-0.9.14/src/cd-netbsd.c:156:16: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
read(hCDROM, (char *)buffer + 0x10, 2048);
data/yabause-0.9.14/src/cdbase.c:457:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcspn(p, "/\\") == strlen(p))
data/yabause-0.9.14/src/cdbase.c:464:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp_buffer2 = (char *)calloc(strlen(cuefilename) + strlen(p) + 1, 1)) == NULL)
data/yabause-0.9.14/src/cdbase.c:464:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((temp_buffer2 = (char *)calloc(strlen(cuefilename) + strlen(p) + 1, 1)) == NULL)
data/yabause-0.9.14/src/cdbase.c:475:36: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strcspn(p2, "/\\") == strlen(p2))
data/yabause-0.9.14/src/cdbase.c:489:7: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(temp_buffer2, cuefilename, p2 - cuefilename);
data/yabause-0.9.14/src/cheat.c:317:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
descsize = (u8)strlen(cheatlist[i].desc)+1;
data/yabause-0.9.14/src/core.h:200:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s); \
data/yabause-0.9.14/src/core.h:206:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s); \
data/yabause-0.9.14/src/error.c:37:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((string = (char *)malloc(strlen(string1) + strlen(string2) + 2)) == NULL)
data/yabause-0.9.14/src/error.c:37:51: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((string = (char *)malloc(strlen(string1) + strlen(string2) + 2)) == NULL)
data/yabause-0.9.14/src/gtk/main.c:490:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strlcpy(biospath, argv[i] + strlen("--bios="), 256);
data/yabause-0.9.14/src/gtk/main.c:498:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strlcpy(cdpath, argv[i] + strlen("--iso="), 256);
data/yabause-0.9.14/src/gtk/main.c:506:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
g_strlcpy(cdpath, argv[i] + strlen("--cdrom="), 256);
data/yabause-0.9.14/src/gtk/main.c:531:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fscount = sscanf(argv[i] + strlen("--autoframeskip="), "%d", &fsenable);
data/yabause-0.9.14/src/gtk/main.c:541:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
bincount = sscanf(argv[i] + strlen("--binary="), "%[^:]:%x", binname, &binaddress);
data/yabause-0.9.14/src/gtk/yuim68k.c:270:71: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( offset == addr ) { bOnPC = 1; strcpy( curs, tagPC ); curs += strlen(tagPC); }
data/yabause-0.9.14/src/gtk/yuim68k.c:273:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curs += strlen(lineBuf);
data/yabause-0.9.14/src/gtk/yuim68k.c:274:63: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( bOnPC ) { bOnPC = 0; strcpy( curs, tagEnd ); curs += strlen(tagEnd); }
data/yabause-0.9.14/src/gtk/yuim68k.c:275:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else { strcpy( curs, "\n" ); curs += 1;}
data/yabause-0.9.14/src/gtk/yuim68k.c:301:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( endptr - arg2 == strlen(arg2) ) {
data/yabause-0.9.14/src/gtk/yuim68k.c:323:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((endptr - arg2 < strlen(arg2)) || (!addr)) addr = 0xFFFFFFFF;
data/yabause-0.9.14/src/gtk/yuiscudsp.c:312:64: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( offset + i == addr ) { strcpy( curs, tagPC ); curs += strlen(tagPC); }
data/yabause-0.9.14/src/gtk/yuiscudsp.c:315:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
curs += strlen(lineBuf);
data/yabause-0.9.14/src/gtk/yuiscudsp.c:316:65: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( offset + i == addr ) { strcpy( curs, tagEnd ); curs += strlen(tagEnd); }
data/yabause-0.9.14/src/gtk/yuiscudsp.c:317:12: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
else { strcpy( curs, "\n" ); curs += 1;}
data/yabause-0.9.14/src/gtk/yuiscudsp.c:344:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( endptr - arg2 == strlen(arg2) ) {
data/yabause-0.9.14/src/gtk/yuiscudsp.c:366:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((endptr - arg2 < strlen(arg2)) || (!addr)) addr = 0xFFFFFFFF;
data/yabause-0.9.14/src/gtk/yuish.c:580:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ( endptr - arg2 == strlen(arg2) ) {
data/yabause-0.9.14/src/gtk/yuish.c:610:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((endptr - arg2 < strlen(arg2)) || (!addr)) addr = 0xFFFFFFFF;
data/yabause-0.9.14/src/gtk/yuitransfer.c:93:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_label_set_width_chars (GTK_LABEL (label4), strlen(tmp));
data/yabause-0.9.14/src/gtk/yuitransfer.c:133:50: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_label_set_width_chars (GTK_LABEL (label2), strlen(tmp));
data/yabause-0.9.14/src/gtk/yuitransfer.c:143:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
gtk_label_set_width_chars (GTK_LABEL (yt->to_label), strlen(tmp));
data/yabause-0.9.14/src/m68kd.c:49:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
return sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:66:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
return sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:307:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:343:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:389:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
outstring += sprintf(outstring, "b");
data/yabause-0.9.14/src/m68kd.c:609:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:805:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/m68kd.c:1121:17: [1] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source is a constant character.
outstring += sprintf(outstring, " ");
data/yabause-0.9.14/src/memory.c:915:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(p); i++)
data/yabause-0.9.14/src/memory.c:1446:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
buflen=(u32)strlen(searchstr);
data/yabause-0.9.14/src/movie.c:100:2: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(str, "");
data/yabause-0.9.14/src/movie.c:428:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const unsigned long newsize = strlen(filename) + 5 + 1;
data/yabause-0.9.14/src/netlink.c:184:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NetlinkArea->outbufferend += (u32)strlen(string);
data/yabause-0.9.14/src/netlink.c:185:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NetlinkArea->outbuffersize += (u32)strlen(string);
data/yabause-0.9.14/src/netlink.c:678:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(p+1) == 0)
data/yabause-0.9.14/src/osdcore.c:304:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msglength = strlen(message->message);
data/yabause-0.9.14/src/perlinuxjoy.c:76:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(hJOY, &evt, sizeof(struct js_event)) > 0)
data/yabause-0.9.14/src/perlinuxjoy.c:106:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (read(hJOY, &evt, sizeof(struct js_event)) <= 0) return 0;
data/yabause-0.9.14/src/perlinuxjoy.c:118:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (read(hJOY, &evt, sizeof(struct js_event)) > 0);
data/yabause-0.9.14/src/q68/q68-disasm.c:749:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int dislen = strlen(disassembled);
data/yabause-0.9.14/src/q68/q68-disasm.c:785:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
fwrite(buf1, 1, strlen(buf1), logfile);
data/yabause-0.9.14/src/qt/Arguments.cpp:87:47: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
params[option->priority] = argument.mid(strlen(option->longname));
data/yabause-0.9.14/src/qt/ui/UIDisasm.cpp:27:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(string, " ");
data/yabause-0.9.14/src/scu.c:1414:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1429:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1430:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1434:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1435:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1439:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1440:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1444:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1445:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1449:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1450:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1454:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1455:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1459:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1460:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1464:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1465:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1469:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1470:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1474:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1475:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1479:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter = strlen(outstring);
data/yabause-0.9.14/src/scu.c:1480:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1495:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1496:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1508:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1509:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1513:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1514:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1528:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1529:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1541:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1542:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1546:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1547:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1551:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
counter+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1552:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1567:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1571:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1668:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/scu.c:1678:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
outstring+=strlen(outstring);
data/yabause-0.9.14/src/sh2d.c:197:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string+=strlen(string);
data/yabause-0.9.14/src/sh2d.c:243:27: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string+=strlen(string);
data/yabause-0.9.14/src/sh2d.c:271:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string+=strlen(string);
data/yabause-0.9.14/src/sh2d.c:278:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
string+=strlen(string);
data/yabause-0.9.14/src/sndal.c:124:9: [1] (obsolete) usleep:
This C routine is considered obsolete (as opposed to the shell command by
the same name). The interaction of this function with SIGALRM and other
timer functions such as sleep(), alarm(), setitimer(), and nanosleep() is
unspecified (CWE-676). Use nanosleep(2) or setitimer(2) instead.
usleep(5 * 1000);
data/yabause-0.9.14/src/yabause.c:250:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (init->biospath != NULL && strlen(init->biospath))
data/yabause-0.9.14/src/ygl.c:160:48: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if( pname == GL_INFO_LOG_LENGTH ) *params = strlen((const char *) s_msg_no_opengl2)+1;
ANALYSIS SUMMARY:
Hits = 1032
Lines analyzed = 140942 in approximately 3.24 seconds (43447 lines/second)
Physical Source Lines of Code (SLOC) = 105129
Hits@level = [0] 358 [1] 108 [2] 713 [3] 8 [4] 203 [5] 0
Hits@level+ = [0+] 1390 [1+] 1032 [2+] 924 [3+] 211 [4+] 203 [5+] 0
Hits/KSLOC@level+ = [0+] 13.2219 [1+] 9.81651 [2+] 8.7892 [3+] 2.00706 [4+] 1.93096 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.