Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/generic/misc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/shared/hunk.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/signalhandler.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/header/resource.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/shared/hunk.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_cin.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_effects.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_entities.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_input.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_inventory.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_lights.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_particles.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_prediction.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_tempentities.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/header/download.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/header/qcurl.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/qcurl.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/header/console.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/header/keyboard.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/header/screen.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/input/header/input.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/input/sdl.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/header/qmenu.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/videomenu.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/constants/anorms.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/constants/anormtab.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/constants/warpsin.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/pcx.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/pvs.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/wal.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_draw.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_light.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_lightmap.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_md2.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_mesh.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_misc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_model.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_scrap.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_sdl.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_sp2.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_surf.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_warp.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/header/local.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/header/model.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/header/qgl.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/qgl.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_draw.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_light.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_lightmap.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_md2.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_mesh.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_misc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_model.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_sdl.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_shaders.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_sp2.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_surf.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_warp.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/glad/include/KHR/khrplatform.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/glad/include/glad/glad.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/glad/src/glad.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/DG_dynarr.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/HandmadeMath.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/local.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/model.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/ref_shared.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/header/local.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/header/model.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_aclip.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_alias.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_bsp.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_draw.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_edge.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_light.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_misc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_part.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_poly.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_polyset.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_rast.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_scan.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_sprite.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_surf.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/local.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/qal.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/sound.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/vorbis.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/ogg.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/openal.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/qal.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sdl.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/wave.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/glimp_sdl.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/ref.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/vid.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/icon/q2icon64.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/vid.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/argproc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/crc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/cvar.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/frame.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/glob.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/header/crc.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/header/glob.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/header/shared.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/header/zone.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/md4.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/movemsg.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/netchan.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/pmove.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/flash.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/rand.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/szone.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/ioapi.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/ioapi.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/minizconf.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/unzip.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/unzip.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/common/zone.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_chase.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_combat.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_func.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_items.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_monster.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_phys.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_spawn.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_svcmds.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_target.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_trigger.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_turret.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_utils.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/g_weapon.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/header/game.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/berserker/berserker.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/berserker/berserker.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss3.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/brain/brain.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/brain/brain.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/flipper/flipper.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/flipper/flipper.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/float/float.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/float/float.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/flyer/flyer.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/flyer/flyer.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gladiator/gladiator.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gladiator/gladiator.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gunner/gunner.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gunner/gunner.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/hover/hover.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/hover/hover.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/infantry/infantry.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/infantry/infantry.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/medic/medic.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/medic/medic.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/misc/move.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/misc/player.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/parasite/parasite.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/parasite/parasite.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/supertank/supertank.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/supertank/supertank.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/tank/tank.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/tank/tank.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/player/client.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/player/trail.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/player/view.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/player/weapon.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/clientfields.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/fields.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/gamefunc_decs.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/gamefunc_list.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/gamemmove_decs.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/gamemmove_list.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/levelfields.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/header/server.h
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_conless.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_entities.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_user.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_world.c
Examining data/yquake2-7.45+ctf1.07~dfsg/src/win-wrapper/wrapper.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_chase.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_combat.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_func.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_items.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_main.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_monster.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_phys.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_svcmds.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_target.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_trigger.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_utils.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_weapon.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/ctf.h
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/game.h
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/menu.h
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/shared.h
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/monster/move.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/monster/player.h
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/trail.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/view.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/weapon.c
Examining data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c
FINAL RESULTS:
data/yquake2-7.45+ctf1.07~dfsg/src/backends/generic/misc.c:85:12: [5] (race) readlink:
This accepts filename arguments; if an attacker can move those files or
change the link content, a race condition results. Also, it does not
terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
int len = readlink(buf, exePath, PATH_MAX-1);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:675:2: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, sizeof(wpath));
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:715:2: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
MultiByteToWideChar(CP_UTF8, 0, path_stdout, -1, wpath_stdout, sizeof(wpath_stdout));
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:716:2: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
MultiByteToWideChar(CP_UTF8, 0, path_stderr, -1, wpath_stderr, sizeof(wpath_stderr));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1199:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1202:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:307:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, filename, -1, wFilename, sizeof(wFilename)))
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:310:11: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
if (0 == MultiByteToWideChar(65001 /* UTF8 */, 0, mode, -1, wMode, sizeof(wMode)))
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:167:3: [5] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120). Risk is high,
it appears that the size is given as bytes, but the function requires size
as characters.
MultiByteToWideChar(CP_UTF8, 0, filename, -1, wfilename, sizeof(wfilename));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_chase.c:123:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "xv 0 yb -68 string2 \"Chasing %s\"",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:42:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, Info_ValueForKey(ent->client->pers.userinfo, "skin"));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:905:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(large, small);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1033:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, gi.argv(0));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1035:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, gi.args());
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1047:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, p);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:1398:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ent->client->resp.ghost->netname, ent->client->pers.netname);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2174:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2198:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2237:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2252:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(string, entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2963:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buf, item->pickup_name);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2983:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf + strlen(buf), "%s with %i cells ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3002:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf + strlen(buf), "%i units of %s",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3040:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "the %s", tech->pickup_name);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3055:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, who->client->pers.weapon->pickup_name);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3094:5: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, s2);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3101:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s2, targ->client->pers.netname);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3113:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, s2);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3116:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buf, s);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3158:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3169:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3180:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3191:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3202:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3214:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(p, buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3486:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(ctfgame.ghosts[ghost].netname, ent->client->pers.netname);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4049:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "%s has requested to switch to competition mode.",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4898:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "Weapons Stay: %s", settings->weaponsstay ? "Yes" : "No");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4903:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "Instant Items: %s", settings->instantitems ? "Yes" : "No");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4908:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "Quad Drop: %s", settings->quaddrop ? "Yes" : "No");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4913:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "Instant Weapons: %s", settings->instantweap ? "Yes" : "No");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4918:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "Match Lock: %s", settings->matchlock ? "Yes" : "No");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5090:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "%s has requested admin rights.",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5131:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(st, "%s is not ready.\n", e2->client->pers.netname);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5135:6: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, st);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5189:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, st);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5232:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, st);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5287:2: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text, "%s has requested warping to level %s.",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_main.c:148:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(text, error, argptr);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_main.c:161:2: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(text, msg, argptr);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:500:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(str, BUILD_DATE);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c:809:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(level.nextmap, st.nextmap);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_svcmds.c:279:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/listip.cfg", GAMEVERSION);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_svcmds.c:283:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/listip.cfg", game->string);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_utils.c:450:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out, in);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:208:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string + strlen(string), "string2 \"\x0d%s\" ", t);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:212:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string + strlen(string), "string2 \"%s\" ", t);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:216:4: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(string + strlen(string), "string \"%s\" ", t);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:297:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string + stringlength, entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:312:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string + stringlength, entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:747:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, extension);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:903:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, 1024, format, argptr);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1120:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(bigbuffer, 0x10000, fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1130:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dest, bigbuffer);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:380:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy, s);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:79:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, 1024, error, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:259:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(findbase, path);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:264:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(findpattern, p + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:400:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(copy, s);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:69:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(text, sizeof(text), error, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:717:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(dlbar, text);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:326:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model, p);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:338:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(skin, p);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:491:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fn, "textures/%s.wal",
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:619:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cls.downloadname, filename);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:690:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cls.downloadname, filename);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:315:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_lines[edit_line] + 2, cmd);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:366:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_lines[edit_line] + 2, mapCmdString);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:368:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_lines[edit_line] + key_linepos, cmdArg);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:490:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_lines[edit_line], key_lines[history_line]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:517:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(key_lines[edit_line], key_lines[history_line]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:822:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(new, binding);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:920:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, Cmd_Argv(i));
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:270:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, Cmd_Argv(1));
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:275:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(buffer, Cmd_Argv(i));
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:247:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, rcon_client_password->string);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:252:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(message, Cmd_Argv(i));
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:944:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model_name, s);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:960:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(skin_name, s + strlen(model_name) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:1084:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cl.configstrings[i], s);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:254:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mapname, cl.configstrings[CS_MODELS + 1] + 5); /* skip "maps/" */
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:276:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name, cl.configstrings[CS_MODELS + i]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:604:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(litname, names[m_main_cursor]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2484:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(m_loadsave_statusbar, str);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2887:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(local_server_names[i], NO_SERVER_STRING);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3046:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(startmap, strchr(mapnames[s_startmap_list.curvalue], '\n') + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3204:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(shortname, COM_Parse(&s));
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3212:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(longname, COM_Parse(&s));
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3218:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mapnames[i], scratch);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3250:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_capturelimit_field.buffer, Cvar_VariableString("capturelimit"));
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3289:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_timelimit_field.buffer, Cvar_VariableString("timelimit"));
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3299:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_fraglimit_field.buffer, Cvar_VariableString("fraglimit"));
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3320:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_maxclients_field.buffer, Cvar_VariableString("maxclients"));
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3331:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_hostname_field.buffer, Cvar_VariableString("hostname"));
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4072:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_addressbook_fields[i].buffer, adr->string);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4196:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scratch, skin);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4252:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scratch, dirnames[i]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4267:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scratch, dirnames[i]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4320:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(scratch, c + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4420:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(currentdirectory, skin->string);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4424:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(currentskin, strchr(currentdirectory, '/') + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4429:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(currentskin, strchr(currentdirectory, '\\') + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4474:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s_player_name_field.buffer, name->string);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:775:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, s->itemnames[s->curvalue]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:780:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(buffer, strchr(s->itemnames[s->curvalue], '\n') + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:876:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(image->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1182:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_name, namewe);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1188:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_name, namewe);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_main.c:1944:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(text, sizeof(text), error, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_model.c:192:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mod->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:412:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(image->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:765:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_name, namewe);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:771:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(tmp_name, namewe);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_main.c:1889:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(text, sizeof(text), error, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_model.c:1001:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mod->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/glad/include/glad/glad.h:1286:69: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void * (APIENTRYP PFNGLMAPBUFFERPROC)(GLenum target, GLenum access);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/glad/include/glad/glad.h:1841:114: [4] (race) access:
This usually indicates a security flaw. If an attacker can change anything
along the path between the call to access() and the file's actual use
(e.g., by moving files), the attacker can exploit the race condition
(CWE-362/CWE-367!). Set up the correct permissions (e.g., using setuid())
and try to open the file directly.
typedef void * (APIENTRYP PFNGLMAPBUFFERRANGEPROC)(GLenum target, GLintptr offset, GLsizeiptr length, GLbitfield access);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/ref_shared.h:61:79: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
extern void R_Printf(int level, const char* msg, ...) __attribute__ ((format (printf, 2, 3)));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:183:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (image->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:245:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (image->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:2340:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(text, sizeof(text), error, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:146:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (mod->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:248:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(namebuffer, &name[1]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:360:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sfx->name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:379:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, truename);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:402:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sfx->name, aliasname);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:465:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(model, p);
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/ref.h:201:109: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
YQ2_ATTR_NORETURN_FUNCPTR void (IMPORT *Sys_Error) (int err_level, char *str, ...) __attribute__ ((format (printf, 2, 3)));
data/yquake2-7.45+ctf1.07~dfsg/src/common/argproc.c:144:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out, in);
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:86:16: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
int msgLen = vsnprintf(msg, MAXPRINTMSG, fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:100:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(rd_buffer, msg);
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:215:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, MAXPRINTMSG, fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:240:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, MAXPRINTMSG, fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:324:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, COM_Argv(i));
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:349:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(build, text + i);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:487:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(a->name, s);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:495:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(cmd, Cmd_Argv(i));
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:597:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(temporary + i + j, start);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:599:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(expanded, temporary);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:674:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd_args, text);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:703:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cmd_argv[cmd_argc], com_token);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:950:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retval, partial);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:962:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(retval, pmatch[0]);
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1625:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, name);
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1760:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(map_name, name);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:285:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), format, argPtr);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1772:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(datadir, fs_basedir->string);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1881:8: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(modnames[nmods], modname);
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:39:49: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error YQ2OSTYPE should be defined by the build system
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:43:47: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error YQ2ARCH should be defined by the build system
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:712:57: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Com_Printf(char *fmt, ...) __attribute__ ((format (printf, 1, 2)));
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:713:58: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Com_DPrintf(char *fmt, ...) __attribute__ ((format (printf, 1, 2)));
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:715:59: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
void Com_MDPrintf(char *fmt, ...) __attribute__ ((format (printf, 1, 2)));
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:716:84: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
YQ2_ATTR_NORETURN void Com_Error(int code, char *fmt, ...) __attribute__ ((format (printf, 2, 3)));
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/shared.h:303:54: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
char *va(char *format, ...) __attribute__ ((format (printf, 1, 2)));
data/yquake2-7.45+ctf1.07~dfsg/src/common/netchan.c:155:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, MAX_MSGLEN - 4, format, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:749:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path, extension);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:913:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, 1024, format, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1091:8: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
len = vsnprintf(dest, size, fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:47:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(value, Info_ValueForKey(ent->client->pers.userinfo, "skin"));
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1002:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(large, small);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1099:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, gi.argv(0));
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1101:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, gi.args());
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1113:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, p);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1223:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, st);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_main.c:163:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(text, sizeof(text), error, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_main.c:176:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(text, sizeof(text), msg, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_spawn.c:899:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(level.nextmap, st.nextmap);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_svcmds.c:287:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/listip.cfg", GAMEVERSION);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_svcmds.c:291:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(name, "%s/listip.cfg", game->string);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_utils.c:493:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(out, in);
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:315:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string + stringlength, entry);
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:331:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string + stringlength, entry);
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:86:49: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error YQ2OSTYPE should be defined by the build system
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:90:47: [4] (shell) system:
This causes a new program to execute and is difficult to use safely
(CWE-78). try using a library call that implements the same functionality
if available.
#error YQ2ARCH should be defined by the build system
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:479:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(text, p);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_conless.c:378:4: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(remaining, Cmd_Argv(i));
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:81:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:110:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:141:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:159:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(msg, sizeof(msg), fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:208:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sv.configstrings[index], val);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:211:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sv.configstrings[CS_NAME], server);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:226:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sv.name, server);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:242:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sv.name, server);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:243:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sv.configstrings[CS_NAME], server);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:431:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(level, levelstring);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:461:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(spawnpoint, ch + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:99:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(status, Cvar_Serverinfo());
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:118:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(status + statusLength, player);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:142:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(name + len, found + len);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:305:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(cvarname, var->name);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:306:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string, var->string);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:377:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(svs.mapcmd, mapcmd);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:61:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, sizeof(string), fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:81:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, sizeof(string), fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:133:2: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(string, sizeof(string), fmt, argptr);
data/yquake2-7.45+ctf1.07~dfsg/src/win-wrapper/wrapper.c:82:2: [4] (buffer) wcscat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120).
wcscat(lastBackSlash, WRAPPED_EXE);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c:168:52: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + 15 + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c:172:47: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c:196:52: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + 15 + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c:200:47: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c:779:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < chance)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c:782:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.attack_finished = level.time + 2 * random();
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ai.c:788:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.3)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_func.c:2239:64: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + self->wait + crandom() * self->random;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_func.c:2276:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (self->random >= self->wait)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_func.c:2285:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->wait + crandom() * self->random;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:41:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v[2] = 200.0 + 100.0 * random();
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:93:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + 8 + random() * 10;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:180:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->avelocity[0] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:181:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->avelocity[1] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:182:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->avelocity[2] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:185:37: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->nextthink = level.time + 10 + random() * 10;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:231:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + 10 + random() * 10;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:307:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->avelocity[0] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:308:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->avelocity[1] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:309:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->avelocity[2] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:311:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->nextthink = level.time + 5 + random() * 5;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1744:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[0] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1745:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[1] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1746:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[2] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1767:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[0] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1768:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[1] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1769:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[2] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1790:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[0] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1791:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[1] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1792:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[2] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_monster.c:149:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.5)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_monster.c:155:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + 5 + 10 * random();
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_monster.c:339:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:53:18: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
{"random", FOFS(random), F_FLOAT},
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_weapon.c:45:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.25)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_weapon.c:553:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.5)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:504:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() ((rand() & 0x7fff) / ((float)0x7fff))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:505:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define crandom() (2.0 * (random() - 0.5))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:1074:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
float random;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/weapon.c:900:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
damage = 100 + (int)(random() * 20.0);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/weapon.c:1224:41: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->s.frame = FRAME_crattak1 - (int)(random() + 0.25);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/weapon.c:1229:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->s.frame = FRAME_attack1 - (int)(random() + 0.25);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/main.c:77:9: [3] (buffer) realpath:
This function does not protect against buffer overflows, and some
implementations can overflow internally (CWE-120/CWE-785!). Ensure that the
destination buffer is at least of size MAXPATHLEN, andto protect against
implementation problems, the input argument should also be checked to
ensure it is no larger than MAXPATHLEN.
if(realpath(argv[i + 1], datadir) == NULL)
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:478:9: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
home = getenv("HOME");
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:745:22: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HINSTANCE userDLL = LoadLibrary("USER32.DLL");
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:754:24: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
HINSTANCE shcoreDLL = LoadLibrary("SHCORE.DLL");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:284:15: [3] (buffer) getenv:
Environment variables are untrustable input if they can be set by an
attacker. They can have any content and length, and the same variable can
be set more than once (CWE-807, CWE-20). Check environment variables
carefully before using them.
char *env = getenv(Cmd_Argv(1));
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c:170:52: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + 15 + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c:174:47: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c:203:52: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + 15 + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c:207:47: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.idle_time = level.time + random() * 15;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c:831:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < chance)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c:834:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.attack_finished = level.time + 2 * random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_ai.c:840:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_func.c:2580:64: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + self->wait + crandom() * self->random;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_func.c:2627:12: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (self->random >= self->wait)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_func.c:2636:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->wait + crandom() * self->random;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:70:25: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
v[2] = 200.0 + 100.0 * random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:134:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + 8 + random() * 10;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:237:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->avelocity[0] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:238:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->avelocity[1] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:239:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->avelocity[2] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:242:37: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
gib->nextthink = level.time + 10 + random() * 10;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:294:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + 10 + random() * 10;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:392:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->avelocity[0] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:393:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->avelocity[1] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:394:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->avelocity[2] = random() * 600;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:396:38: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
chunk->nextthink = level.time + 5 + random() * 5;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2123:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[0] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2124:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[1] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2125:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[2] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2151:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[0] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2152:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[1] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2153:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[2] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2179:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[0] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2180:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[1] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2181:22: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->avelocity[2] = random() * 200;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_monster.c:202:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_monster.c:208:42: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->nextthink = level.time + 5 + 10 * random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_monster.c:413:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_turret.c:136:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
damage = 100 + random() * 50;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_weapon.c:50:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.25)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_weapon.c:622:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:505:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define random() ((randk() & 0x7fff) / ((float)0x7fff))
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:506:27: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
#define crandom() (2.0 * (random() - 0.5))
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:1071:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
float random;
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/berserker/berserker.c:136:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.15)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/berserker/berserker.c:415:24: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if ((damage < 20) || (random() < 0.5))
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.c:48:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.c:552:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.6)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.c:584:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.7)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.c:758:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < chance)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.c:761:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.attack_finished = level.time + 2 * random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss2/boss2.c:767:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:61:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:527:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.9)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:580:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.6)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:590:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.005)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:598:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.00005)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:606:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.005)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:631:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:734:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.75)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:858:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < chance)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:861:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.attack_finished = level.time + 2 * random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss31.c:867:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:65:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:744:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.2)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:771:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.45)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:779:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.35)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:809:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:1031:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < chance)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:1034:56: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
self->monsterinfo.attack_finished = level.time + 2 * random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/boss3/boss32.c:1040:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/brain/brain.c:378:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.25)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/brain/brain.c:611:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/brain/brain.c:691:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/brain/brain.c:773:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.c:62:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.c:126:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.c:370:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.c:613:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.25)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.c:767:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.6)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/chick/chick.c:837:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.9)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/float/float.c:235:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/float/float.c:696:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/float/float.c:829:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/flyer/flyer.c:737:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.8)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gladiator/gladiator.c:379:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gunner/gunner.c:161:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.05)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gunner/gunner.c:538:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gunner/gunner.c:609:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.25)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gunner/gunner.c:806:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/gunner/gunner.c:840:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/hover/hover.c:55:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/hover/hover.c:537:8: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.6)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/hover/hover.c:672:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/hover/hover.c:772:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/infantry/infantry.c:632:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.25)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.c:584:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.8)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.c:616:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.c:749:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.c:751:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.c:776:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/insane/insane.c:801:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/medic/medic.c:438:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/medic/medic.c:689:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.25)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/medic/medic.c:740:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.95)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.c:183:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.75)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.c:380:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() < 0.5)) || (range(self, self->enemy) == RANGE_MELEE))
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.c:441:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
damage = 40 + 10 * random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.c:587:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.9)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.c:702:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/mutant/mutant.c:823:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/parasite/parasite.c:198:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.8)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/parasite/parasite.c:460:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:51:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.8)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:182:4: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() < 0.8))
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:200:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.1)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:279:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:496:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:666:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() < 0.5)) || (range(self, self->enemy) == RANGE_MELEE))
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:695:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() < 0.5)) || (range(self, self->enemy) == RANGE_MELEE))
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:755:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() < 0.5)) || (range(self, self->enemy) == RANGE_MELEE))
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:784:5: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
(random() < 0.5)) || (range(self, self->enemy) == RANGE_MELEE))
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:1000:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:1023:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:1034:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:1085:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/soldier/soldier.c:1105:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/supertank/supertank.c:62:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.5)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/supertank/supertank.c:569:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.9)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/supertank/supertank.c:606:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.2)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/supertank/supertank.c:744:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() < 0.3)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/tank/tank.c:399:7: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() > 0.2)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/tank/tank.c:652:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.6)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/tank/tank.c:870:9: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random() <= 0.4)
data/yquake2-7.45+ctf1.07~dfsg/src/game/monster/tank/tank.c:916:6: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
r = random();
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/weapon.c:941:23: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
damage = 100 + (int)(random() * 20.0);
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/weapon.c:1286:41: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->s.frame = FRAME_crattak1 - (int)(random() + 0.25);
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/weapon.c:1291:40: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
ent->s.frame = FRAME_attack1 - (int)(random() + 0.25);
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/fields.h:44:17: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
{"random", FOFS(random), F_FLOAT},
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_chase.c:120:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:62:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ent1Team[512];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ent2Team[512];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:231:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ent->health = atoi(gi.argv(2));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:382:41: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ent->client->pers.inventory[index] = atoi(gi.argv(2));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:871:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char small[64];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:872:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char large[1280];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:901:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(large, "...\n");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:916:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(gi.argv(1));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1010:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[2048];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:61:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char elevel[32]; /* for map election, target level */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char emsg[256]; /* election name */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:464:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char t[64];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:474:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(t, "male/");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2070:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1400];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2137:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string, "if 24 xv 8 yv 8 pic 24 endif "
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2162:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(entry + strlen(entry), "ctf 0 %d %d %d %d ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2168:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(entry + strlen(entry), "xv 56 yv %d picn sbfctf2 ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2186:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(entry + strlen(entry), "ctf 160 %d %d %d %d ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2192:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(entry + strlen(entry), "xv 216 yv %d picn sbfctf1 ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2236:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(entry, "xv 0 yv %d string2 \"Spectators\" ", j);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2242:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(entry + strlen(entry),
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2267:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string), "xv 8 yv %d string \"..and %d more\" ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2273:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2874:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "nowhere");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2917:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "nowhere");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2924:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "in the water ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2938:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "above ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2942:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "below ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2947:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "near ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2952:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "the red ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2956:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "the blue ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2960:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "the ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2999:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(buf, "and ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3009:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "no armor");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3018:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "dead");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3022:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buf, "%i health", who->health);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3047:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "no powerup");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3059:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "none");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3069:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3070:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s2[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3091:6: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s, ", ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3110:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(s, " and ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3120:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(buf, "no one");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char outmsg[256];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[256];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3311:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char levelname[33];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3828:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
n = atoi(gi.argv(1));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4045:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4069:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char team1players[32];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4070:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char team2players[32];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4141:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(team1players, " (%d players)", num1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4142:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(team2players, " (%d players)", num2);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4265:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[64];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4394:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%02d:%02d SETUP: %d not ready",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4399:6: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "SETUP: %d not ready", j);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4406:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%02d:%02d UNTIL START", t / 60, t % 60);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4421:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "%02d:%02d MATCH", t / 60, t % 60);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4649:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st[80];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4664:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", settings->matchlen);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4681:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", settings->matchsetuplen);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4698:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", settings->matchstartlen);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4717:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", i);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4736:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", i);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4755:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", i);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4763:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", (int)settings->instantweap);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4771:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%d", (int)settings->matchlock);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4880:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[64];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4883:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "Match Len: %2d mins", settings->matchlen);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4888:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "Match Setup Len: %2d mins", settings->matchsetuplen);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:4893:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "Match Start Len: %2d secs", settings->matchstartlen);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5070:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5111:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st[80];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5160:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(text, " #|Name |Score|Kills|Death|BasDf|CarDf|Effcy|\n");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5178:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(st, "%3d|%-16.16s|%5d|%5d|%5d|%5d|%5d|%4d%%|\n",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5184:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text + strlen(text), "And more...\n");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5199:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st[80];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5200:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1400];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5227:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text + strlen(text), "And more...\n");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[80];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5321:6: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(gi.argv(1));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5337:2: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text, "kick %d\n", i - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_func.c:1065:46: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
door_use_areaportals(edict_t *self, qboolean open)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_func.c:1078:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gi.SetAreaPortalState(t->style, open);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_items.c:1306:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_items.c:1370:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, start, len);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_main.c:145:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_main.c:158:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_main.c:356:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:485:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[16];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:492:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wb");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:520:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[16];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:524:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:655:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "wb");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:714:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c:368:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
*(int *)(b + f->ofs) = atoi(value);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c:401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[256];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_svcmds.c:88:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[128];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_svcmds.c:115:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
b[i] = atoi(num);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_svcmds.c:270:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_svcmds.c:288:6: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(name, "wb");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_target.c:109:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_target.c:836:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char style[2];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_trigger.c:684:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
self->gravity = atoi(st.gravity);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_utils.c:324:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[8][32];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/ctf.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netname[16];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/game.h:138:53: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*SetAreaPortalState)(int portalnum, qboolean open);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helpmessage1[512];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helpmessage2[512];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spawnpoint[512]; /* needed for coop respawns */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level_name[MAX_QPATH]; /* the descriptive name (Outer Base, etc) */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[MAX_QPATH]; /* the server name (base1, etc) */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:304:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nextmap[MAX_QPATH]; /* go here when fraglimit is hit */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:305:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char forcemap[MAX_QPATH]; /* go here */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:800:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/local.h:801:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netname[16];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/shared.h:402:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/header/shared.h:410:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[32];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:56:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(hnd->entries, entries, sizeof(pmenu_t) * num);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:156:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1400];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:172:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(string, "xv 32 yv 8 picn inventory ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:189:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string), "yv %d ", 32 + i * 8);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:204:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(string + strlen(string), "xv %d ", x - ((hnd->cur == i) ? 8 : 0));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1092:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1102:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1183:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
client->ps.fov = atoi(Info_ValueForKey(client->pers.userinfo, "fov"));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1355:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(userinfo, "\\name\\badinfo\\skin\\male/grunt");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1388:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ent->client->ps.fov = atoi(Info_ValueForKey(userinfo, "fov"));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1405:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ent->client->pers.hand = atoi(s);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:202:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:203:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1400];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/view.c:1332:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(e->client->ps.stats, ent->client->ps.stats,
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:900:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:909:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com_token[MAX_TOKEN_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1117:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bigbuffer[0x10000];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkey[512];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1150:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char value[2][512]; /* use two buffers so compares
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1211:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkey[512];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1212:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1294:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newi[MAX_INFO_STRING], *v;
data/yquake2-7.45+ctf1.07~dfsg/src/backends/generic/misc.c:82:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[PATH_MAX] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/backends/generic/misc.c:146:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char exeDir[PATH_MAX] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:119:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in *)s)->sin_addr,
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:166:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->ip, (struct in_addr *)&s6->sin6_addr.s6_addr[12],
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:272:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[64];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:299:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in *)&ss)->sin_addr,
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:310:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s6->sin6_addr, a.ip, sizeof(struct in6_addr));
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:331:6: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:357:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[64];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:369:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[128];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:423:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sadr, resultp->ai_addr, resultp->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:487:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_message->data, loop->msgs[i].data, loop->msgs[i].datalen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:504:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loop->msgs[i].data, data, length);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:658:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:663:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mcast_addr[128], mcast_port[10];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:705:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s6, res->ai_addr, res->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:808:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[BUFSIZ], *Host, *Service;
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:840:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Buf, "%5d", port);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/network.c:893:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ss, ai->ai_addr, ai->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:57:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfgdir[MAX_OSPATH] = CFGDIR;
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:117:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char text[256];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:243:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char findbase[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:244:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char findpath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:245:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char findpattern[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:383:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fp = fopen(name, "rb");
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:475:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gdir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:505:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filepath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/main.c:65:5: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, argv[i + 1], -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:110:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s6, res->ai_addr, res->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:124:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in *)s)->sin_addr,
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:170:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->ip,
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:283:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[64];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&((struct sockaddr_in *)&ss)->sin_addr,
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:314:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&s6->sin6_addr, a.ip, sizeof(struct in6_addr));
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:341:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[64];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:369:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char s[64];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:388:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[128];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:442:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sadr, resultp->ai_addr, resultp->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:447:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sadr, resultp->ai_addr, resultp->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:516:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(net_message->data, loop->msgs[i].data, loop->msgs[i].datalen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:534:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loop->msgs[i].data, data, length);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:705:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[128];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:727:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mcast_addr[128];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:728:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mcast_port[10];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:748:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(s6, res->ai_addr, res->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:806:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Buf[BUFSIZ], *Host, *Service;
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:838:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(Buf, "%5d", port);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/network.c:889:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ss, ai->ai_addr, ai->ai_addrlen);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cfgdir[MAX_OSPATH] = CFGDIR;
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char console_text[256];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:60:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:235:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[256];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:317:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char findbase[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:318:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char findpath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:332:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:399:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:422:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, name, -1, wname, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:433:3: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, name, -1, wname, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:460:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:469:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:484:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char profile[MAX_PATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:503:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char gdir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:541:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:550:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, from, -1, wfrom, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:553:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, to, -1, wto, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:566:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:620:2: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
MultiByteToWideChar(CP_UTF8, 0, path, -1, wpath, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:692:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:693:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_stdout[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:694:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path_stderr[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_cin.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*palette, (byte *)pcx + len - 768, 768);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_cin.c:634:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH], *dot;
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:34:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char key_lines[NUM_KEY_LINES][MAXCMDLINE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:149:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:150:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:201:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, line, con.linewidth);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tbuf[CON_TEXTSIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:304:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(tbuf, con.text, CON_TEXTSIZE);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:599:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char version[48];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:600:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char dlbar[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:601:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char timebuf[48];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:602:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmpbuf[48];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:711:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dlbar, text, i);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:713:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dlbar, "...");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:720:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(dlbar, ": ");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:751:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(dlbar + strlen(dlbar), " %02d%%", cls.downloadpercent);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:67:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *env_suf[6] = {"rt", "bk", "lf", "ft", "up", "dn"};
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:306:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[MAX_QPATH], skin[MAX_QPATH], *p;
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:489:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fn[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:553:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:625:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cls.downloadtempname, ".tmp");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:667:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:697:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(cls.downloadtempname, ".tmp");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:711:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:780:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char oldn[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_download.c:781:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newn[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_effects.c:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soundname[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_effects.c:331:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char soundname[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_inventory.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_inventory.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char binding[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:38:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key_lines[NUM_KEY_LINES][MAXCMDLINE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:46:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *keybindings[K_LAST];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:608:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char chat_buffer[MAXCMDLINE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:774:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char tinystr[2] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:871:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:958:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:1005:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:1178:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:148:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:267:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1000];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sk[80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:618:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:192:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char server[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:224:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char message[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:245:2: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(message, "rcon ");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:334:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy((char *)final + 1, "disconnect");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:381:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char send[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:506:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *svc_strings[256] = {
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:910:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:911:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skin_name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:912:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model_filename[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:913:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skin_filename[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:914:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char weapon_filename[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:931:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(model_filename, "players/male/tris.md2");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:932:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(weapon_filename, "players/male/weapon.md2");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:933:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(skin_filename, "players/male/grunt.pcx");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:934:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ci->iconname, "/players/male/grunt_i.pcx");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:969:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(model_name, "male");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:985:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(model_name, "male");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:1065:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char olds[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char crosshair_pic[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:163:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scr_centerstring[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:177:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:821:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *sb_nums[2][11] = {
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:878:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:929:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[16], *ptr;
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:1167:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char block[80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:1197:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(block, "%3d %3d %-12.12s", score, ping, ci->name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:1442:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:1472:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_tempentities.c:122:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:60:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cl_weaponmodels[MAX_CLIENTWEAPONMODELS][MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:272:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(cl_weaponmodels[0], "weapon.md2");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:414:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:99:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dl->tempBuffer + dl->position, ptr, bytes);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:137:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(p, "%%%02x", filePath[i]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:197:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempFile[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:198:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char escapedFilePath[MAX_QPATH*4];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:319:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lowerPath[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:409:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamePath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:519:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempName[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:1084:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileList[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:1105:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listPath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:1106:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filePath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/header/download.h:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char quakePath[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/header/download.h:54:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filePath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/header/download.h:59:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char URL[576];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/header/download.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamedir[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/qcurl.c:102:39: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
cl_libcurl = Cvar_Get("cl_libcurl", (char *)libcurl[0], CVAR_ARCHIVE);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/qcurl.c:131:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
Cvar_Set("cl_libcurl", (char *)libcurl[i]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:90:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:91:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cinfo[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:96:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char iconname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:103:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cl_weaponmodels[MAX_CLIENTWEAPONMODELS][MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char layout[1024]; /* general 2D overlay */
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:159:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char cinematicpalette[768];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gamedir[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char configstrings[MAX_CONFIGSTRINGS][MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:227:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char servername[256]; /* name of server from original connect */
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:240:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downloadtempname[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:241:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downloadname[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:256:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downloadServer[512]; /* URL prefix to dowload from .*/
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:257:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downloadServerRetry[512]; /* retry count. */
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:258:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char downloadReferer[32]; /* referer string. */
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/client.h:492:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *svc_strings[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/console.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[CON_TEXTSIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/keyboard.h:302:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char *keybindings[K_LAST];
data/yquake2-7.45+ctf1.07~dfsg/src/client/header/screen.h:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char crosshair_pic[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/input/sdl.c:1442:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char joystick_guid[256] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/header/qmenu.h:79:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:424:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cursorname[80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:569:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char litname[80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:605:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(litname, "_sel");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:979:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:1453:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *creditsIndex[CREDITS_SIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:1967:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char mods_statusbar[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:1987:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mods_statusbar, "Quake II");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:1991:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mods_statusbar, "Quake II Capture The Flag");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:1995:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mods_statusbar, "Quake II Mission Pack: Ground Zero");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:1999:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(mods_statusbar, "Quake II Mission Pack: The Reckoning");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2303:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2380:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_quicksavestring[32];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2383:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_savestrings[MAX_SAVESLOTS][32];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2387:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char m_loadsave_statusbar[32];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2400:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2401:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp[32]; // Same length as m_quicksavestring-
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2408:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_quicksavestring, "QUICKSAVE <empty>");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2440:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_savestrings[i], "<empty>");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2468:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(m_loadsave_statusbar, "pages: ");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2809:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char local_server_names[MAX_LOCAL_SERVERS][80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2810:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char local_server_netadr_strings[MAX_LOCAL_SERVERS][80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2851:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3039:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char startmap[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3199:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char shortname[MAX_TOKEN_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3200:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char longname[MAX_TOKEN_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3201:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[200];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3392:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char dmoptions_statusbar[128];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4056:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4084:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4133:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char displayname[MAX_DISPLAYNAME];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4134:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char directory[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4138:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *s_pmnames[MAX_PLAYERMODELS];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4169:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
s_player_skin_box.itemnames = (const char **)s_pmi[s_player_model_box.curvalue].skindisplaynames;
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4194:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4198:5: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(scratch, "_i.pcx");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4216:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4253:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(scratch, "/tris.md2");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4268:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(scratch, "/*.pcx");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4401:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currentdirectory[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4402:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char currentskin[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4434:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(currentdirectory, "male");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4435:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(currentskin, "grunt");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4503:16: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
(const char **)s_pmi[currentdirectoryindex].skindisplaynames;
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4590:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4645:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char scratch[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4764:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[20];
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:115:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tempbuffer[128] = "";
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:756:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[100];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/pcx.c:113:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(px, quitscreenfix+qsIdx, 98);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/pcx.c:130:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/pcx.c:207:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(*palette, (byte *)pcx + len - 768, 768);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb.c:56:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:581:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char validate_uint32[sizeof(stbi__uint32)==4 ? 1 : -1];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1096:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, row0, bytes_copy);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1097:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row0, row1, bytes_copy);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1098:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(row1, temp, bytes_copy);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1182:49: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBI_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1197:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wMode[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1198:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wFilename[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1216:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, mode);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1516:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->img_buffer, blen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1526:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer, s->img_buffer, n);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:2972:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag[5] = {'J','F','I','F','\0'};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:2982:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char tag[6] = {'A','d','o','b','e','\0'};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:3087:29: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const unsigned char rgb[3] = { 'R', 'G', 'B' };
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:4159:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(a->zout, a->zbuffer, len);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:4483:40: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
case STBI__F_none: memcpy(cur, raw, nk); break;
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:4639:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(final + out_y*a->s->img_x*out_bytes + out_x*out_bytes,
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:5549:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char raw_data[4] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:6454:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &g->out[pi * 4], &two_back[pi * 4], 4 );
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:6461:16: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &g->out[pi * 4], &g->background[pi * 4], 4 );
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:6472:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( g->background, g->out, 4 * g->w * g->h );
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:6536:22: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( &g->out[pi * 4], &g->pal[g->bgindex], 4 );
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:6623:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( out + ((layers - 1) * stride), u, stride );
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:6762:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STBI__HDR_BUFLEN];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:6890:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[STBI__HDR_BUFLEN];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:417:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char stbir__validate_uint32[sizeof(stbir_uint32) == 4 ? 1 : -1];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:1768:32: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
((unsigned char *)output_buffer)[pixel_index + alpha_channel] = STBIR__ENCODE_LINEAR8(encode_buffer[pixel_index+alpha_channel]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2300:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_output_before_pre[OVERWRITE_ARRAY_SIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2301:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_tempmem_before_pre[OVERWRITE_ARRAY_SIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2302:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_output_after_pre[OVERWRITE_ARRAY_SIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2303:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char overwrite_tempmem_after_pre[OVERWRITE_ARRAY_SIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2306:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_output_before_pre, &((unsigned char*)output_data)[-OVERWRITE_ARRAY_SIZE], OVERWRITE_ARRAY_SIZE);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2307:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_output_after_pre, &((unsigned char*)output_data)[begin_forbidden], OVERWRITE_ARRAY_SIZE);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2308:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_tempmem_before_pre, &((unsigned char*)tempmem)[-OVERWRITE_ARRAY_SIZE], OVERWRITE_ARRAY_SIZE);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image_resize.h:2309:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(overwrite_tempmem_after_pre, &((unsigned char*)tempmem)[tempmem_size_in_bytes], OVERWRITE_ARRAY_SIZE);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_draw.c:110:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_draw.c:476:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char image8[256 * 256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:36:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static unsigned char gammatable[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:132:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char temptable[768];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:302:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *palstrings[2] = {
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:551:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char paletted_texture[256 * 256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:654:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(scaled, data, width * height * 4);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:983:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1038:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namewe[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1058:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namewe, name, len - (strlen(ext) + 1));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1177:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_name[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1183:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_name, ".wal");
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1189:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_name, ".pcx");
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_main.c:1941:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[4096]; // MAXPRINTMSG == 4096
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_md2.c:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(poutframe->verts, pinframe->verts,
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_md2.c:152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)pheader + pheader->ofs_skins,
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_misc.c:154:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rowBuffer, curRowL, bytesPerRow);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_misc.c:155:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curRowL, curRowH, bytesPerRow);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_misc.c:156:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curRowH, rowBuffer, bytesPerRow);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_model.c:249:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->lightdata, mod_base + l->fileofs, l->filelen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_model.c:264:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->vis, mod_base + l->fileofs, l->filelen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_model.c:376:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_model.c:1057:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_sdl.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[40] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_sp2.c:64:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sprout->frames[i].name, sprin->frames[i].name, MAX_SKINNAME);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_surf.c:1019:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fatvis, vis, (r_worldmodel->numleafs + 7) / 8);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_warp.c:35:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skyname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_warp.c:48:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *suf[6] = {"rt", "bk", "lf", "ft", "up", "dn"};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_warp.c:237:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(poly->verts[i + 1], poly->verts[1], sizeof(poly->verts[0]));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_warp.c:730:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/header/local.h:104:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH]; /* game path, including extension */
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/header/model.h:153:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_draw.c:166:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:567:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:622:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namewe[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:642:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namewe, name, len - (strlen(ext) + 1));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:760:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_name[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:766:3: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_name, ".wal");
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:772:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(tmp_name, ".pcx");
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:883:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char *formatstrings[2] = {
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_main.c:685:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, verts, neededSize);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_main.c:1886:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[4096]; // MAXPRINTMSG == 4096
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_md2.c:136:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(poutframe->verts, pinframe->verts,
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_md2.c:152:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((char *)pheader + pheader->ofs_skins,
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_misc.c:139:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(rowBuffer, curRowL, bytesPerRow);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_misc.c:140:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curRowL, curRowH, bytesPerRow);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_misc.c:141:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(curRowH, rowBuffer, bytesPerRow);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_model.c:132:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->lightdata, mod_base + l->fileofs, l->filelen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_model.c:147:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(loadmodel->vis, mod_base + l->fileofs, l->filelen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_model.c:259:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_model.c:1054:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_sdl.c:354:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[40] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_shaders.c:48:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_shaders.c:124:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_shaders.c:918:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char lmName[10] = "lightmapX";
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_shaders.c:1162:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(ptr, data, size);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_sp2.c:62:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(sprout->frames[i].name, sprin->frames[i].name, MAX_SKINNAME);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_surf.c:901:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fatvis, vis, (gl3_worldmodel->numleafs + 7) / 8);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_warp.c:317:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_warp.c:318:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skyname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/DG_dynarr.h:831:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p+itemsize*idx, p+itemsize*(cnt - m), itemsize*m);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/DG_dynarr.h:906:19: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
if(p != NULL) memcpy(p, *arr, itemsize*md->cnt);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/DG_dynarr.h:947:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(p, *arr, cnt*itemsize);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/local.h:272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH]; /* game path, including extension */
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/header/model.h:176:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/header/local.h:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH]; // game path, including extension
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/header/model.h:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_draw.c:40:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_draw.c:206:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, source, w);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_draw.c:237:6: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (dest, dest_orig, w);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_draw.c:331:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dest, source, pic->width);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:209:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->pixels[0], pic, size);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:266:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->pixels[0], (byte *)mt + ofs, file_size - ofs);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:272:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(image->pixels[0], (byte *)mt + ofs, size);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:438:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namewe[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:457:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(namewe, name, len - (strlen(ext) + 1));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:584:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d_16to8table, table16to8, 0x10000);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char skyname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:72:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char gammatable[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:73:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char currentpalette[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:1242:48: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
R_GammaCorrectAndSetPalette( ( const unsigned char * ) palette[0] );
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:1699:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char *suf[6] = {"rt", "bk", "lf", "ft", "up", "dn"};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:1707:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pathname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:1865:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char title[40] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:2337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[4096]; // MAXPRINTMSG == 4096
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:115:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(name+1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:337:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (loadmodel->vis, mod_base + l->fileofs, l->filelen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:470:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:1188:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (poutframe->verts, pinframe->verts,
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:1205:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy ((char *)pheader + pheader->ofs_skins, (char *)pinmodel + pheader->ofs_skins,
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:1261:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (sprout->frames[i].name, sprin->frames[i].name, MAX_SKINNAME);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_model.c:1280:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullname[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_poly.c:550:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (instep, in, sizeof (vec5_t));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_poly.c:561:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (outstep, instep, sizeof (vec5_t));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_surf.c:105:30: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
prowdest[b] = ((unsigned char *)vid_colormap)
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/local.h:65:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:1010:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static signed char log2_4[16] = { 0,1,2,2,3,3,3,3,4,4,4,4,4,4,4,4 };
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:1348:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, z->stream, n);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:2274:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, buffer, sizeof(*x) * n2);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:2298:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, buffer, sizeof(*x) * n2);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:2319:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(x, buffer, sizeof(*x) * n);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:2335:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, buffer, n2 * sizeof(float));
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:2977:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(w, u, sizeof(u));
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:3275:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(really_zero_channel, zero_channel, sizeof(really_zero_channel[0]) * f->channels);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:3751:10: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(c->codeword_lengths, lengths, c->entries);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:4927:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char header[6];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:5062:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, "rb");
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:5121:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef char stb_vorbis_float_size_test[sizeof(float)==4 && sizeof(int) == 4];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:5436:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(buffer[i]+n, f->channel_buffers[i]+f->channel_buffer_start, sizeof(float)*k);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/ogg.c:131:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char gameMusicDir[MAX_QPATH] = {0}; // e.g. "xatrix/music"
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/ogg.c:172:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fullMusicPath[MAX_OSPATH] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/ogg.c:180:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char testFileName[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sdl.c:1264:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream, backend->buffer + pos, length1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sdl.c:1273:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(stream + length1, backend->buffer, length2);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sdl.c:1290:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reqdriver[128];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:215:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char namebuffer[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:449:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char model[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:450:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sexedFilename[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:451:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char maleFilename[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:478:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(model, "male");
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:1085:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[256];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/glimp_sdl.c:266:65: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
YQ2_COM_CHECK_OOM(displayindices[i], "malloc()", 11 * sizeof( char ))
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:292:50: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
STBIW_EXTERN __declspec(dllimport) int __stdcall MultiByteToWideChar(unsigned int cp, unsigned long flags, const char *str, int cbmb, wchar_t *widestr, int cchwide);
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:305:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wMode[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:306:4: [2] (buffer) wchar_t:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
wchar_t wFilename[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:324:8: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(filename, mode);
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:355:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[2];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:361:31: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char b[4];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:390:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char arr[3];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:397:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bg[3] = { 255, 0, 255}, px[3];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:636:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char scanlineheader[4] = { 2, 2, 0, 0 };
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:637:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char rgbe[4];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:731:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[128];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:738:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
len = sprintf(buffer, "EXPOSURE= 1.0000000000000\n\n-Y %d +X %d\n", y, x);
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:1049:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line_buffer, z, width*n);
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:1078:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char sig[8] = { 137,80,78,71,13,10,26,10 };
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/header/stb_image_write.h:1413:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char YTable[64], UVTable[64];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/icon/q2icon64.h:5:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pixel_data[64 * 64 * 4];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/vid.c:74:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char picname[80];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/vid.c:75:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char checkname[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/vid.c:121:14: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
quality = atoi(q);
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/vid.c:349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reflib_name[64] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/vid.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char reflib_path[MAX_OSPATH] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/common/argproc.c:32:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *com_argv[MAX_NUM_ARGVS + 1];
data/yquake2-7.45+ctf1.07~dfsg/src/common/argproc.c:151:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char key[512];
data/yquake2-7.45+ctf1.07~dfsg/src/common/argproc.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512];
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:84:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAXPRINTMSG];
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:144:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:207:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[MAXPRINTMSG];
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:229:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char msg[MAXPRINTMSG];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:46:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_ALIAS_NAME];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char retval[256];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:56:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char *cmd_argv[MAX_STRING_TOKENS];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:58:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char cmd_args[MAX_STRING_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:61:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char defer_text_buf[32768];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:115:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temp, cmd_text.data, templen);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:137:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(defer_text_buf, cmd_text_buf, cmd_text.cursize);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:221:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(line, text, i);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:397:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(f2, f, len);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:446:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cmd[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:540:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char expanded[MAX_STRING_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:541:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char temporary[MAX_STRING_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:595:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temporary, scan, i);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:596:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(temporary + i, token, j);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:802:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pmatch[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:925:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char *pmatch[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:78:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char map_entitystring[MAX_MAP_ENTSTRING];
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:185:47: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
CM_SetAreaPortalState(int portalnum, qboolean open)
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:192:26: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
portalopen[portalnum] = open;
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1597:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, sizeof(dareaportal_t) * count);
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1610:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map_visibility, cmod_base + l->fileofs, l->filelen);
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1620:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1640:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map_entitystring, buffer, bufLen);
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1661:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(map_entitystring, cmod_base + l->fileofs, l->filelen);
data/yquake2-7.45+ctf1.07~dfsg/src/common/crc.c:178:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chkb, base, length);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cvar.c:433:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char val[32];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cvar.c:572:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cvar.c:657:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char info[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/src/common/cvar.c:699:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:47:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:63:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:70:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:80:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH]; /* Only one used. */
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:111:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char datadir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:112:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fs_gamedir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:127:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:211:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(dst, path, pos - path);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:276:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:373:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH], lwrName[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:782:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fileName[MAX_QPATH]; /* File name. */
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1049:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1114:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH]; /* Temporary path. */
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1264:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char findname[1024]; /* File search path and pattern. */
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1266:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char wildcard[1024] = "*.*"; /* File pattern. */
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1338:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1420:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1546:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1577:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1815:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char findnamepattern[MAX_OSPATH], modname[MAX_QPATH], searchpath[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/frame.c:77:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userGivenGame[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:622:52: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void CM_SetAreaPortalState(int portalnum, qboolean open);
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:753:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char datadir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:756:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char cfgdir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/common.h:759:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char userGivenGame[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[56];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:59:11: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char palette[48];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:64:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filler[58];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:107:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16]; /* frame name from grabbing */
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_SKINNAME]; /* name of pcx file */
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:168:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:171:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char animname[32]; /* next frame in animation chain */
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/files.h:341:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char texture[32]; /* texture name (textures*.wal) */
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/shared.h:502:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/yquake2-7.45+ctf1.07~dfsg/src/common/header/shared.h:510:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char rname[32];
data/yquake2-7.45+ctf1.07~dfsg/src/common/movemsg.c:898:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/common/movemsg.c:925:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/common/movemsg.c:980:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(move, from, sizeof(*move));
data/yquake2-7.45+ctf1.07~dfsg/src/common/netchan.c:152:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[MAX_MSGLEN - 4];
data/yquake2-7.45+ctf1.07~dfsg/src/common/netchan.c:244:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(chan->reliable_buf, chan->message_buf, chan->message.cursize);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:704:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, s2 + 1, s - s2);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:724:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out, in, s - in);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:872:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&swapTestShort, swaptest, 2);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:910:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:919:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char com_token[MAX_TOKEN_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1163:12: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
int len = MultiByteToWideChar(CP_UTF8, 0, file, -1, wfile, MAX_OSPATH);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1167:7: [2] (buffer) MultiByteToWideChar:
Requires maximum length in CHARACTERS, not bytes (CWE-120).
if (MultiByteToWideChar(CP_UTF8, 0, mode, -1, wmode, 16) > 0)
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1194:9: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
return fopen(file, mode);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1214:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkey[512];
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1215:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char value[2][512]; /* use two buffers so compares
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1271:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pkey[512];
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1272:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char value[512];
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1349:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char newi[MAX_INFO_STRING], *v;
data/yquake2-7.45+ctf1.07~dfsg/src/common/szone.c:76:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(SZ_GetSpace(buf, length), data, length);
data/yquake2-7.45+ctf1.07~dfsg/src/common/szone.c:90:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((byte *)SZ_GetSpace(buf, len), data, len); /* no trailing 0 */
data/yquake2-7.45+ctf1.07~dfsg/src/common/szone.c:94:4: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((byte *)SZ_GetSpace(buf, len - 1) - 1, data, len); /* write over trailing 0 */
data/yquake2-7.45+ctf1.07~dfsg/src/common/szone.c:99:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((byte *)SZ_GetSpace(buf, len), data, len);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/ioapi.c:19:36: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define FOPEN_FUNC(filename, mode) fopen(filename, mode)
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/ioapi.c:109:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
file = fopen(filename, mode_fopen);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/ioapi.h:50:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen64 fopen
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/ioapi.h:55:17: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen64 fopen
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/ioapi.h:60:18: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define fopen64 fopen
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:29:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint16[sizeof(mz_uint16) == 2 ? 1 : -1];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:30:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint32[sizeof(mz_uint32) == 4 ? 1 : -1];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:31:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char mz_validate_uint64[sizeof(mz_uint64) == 8 ? 1 : -1];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:460:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:485:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStream->next_out, pState->m_dict + pState->m_dict_ofs, n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:961:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack, &d->m_huff_code_sizes[0][0], num_lit_codes);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:962:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(code_sizes_to_pack + num_lit_codes, &d->m_huff_code_sizes[1][0], num_dist_codes);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:1324:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf, bytes_to_copy);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:1346:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint16));
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:1352:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(&ret, p, sizeof(mz_uint16));
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:1476:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + dst_pos, d->m_pSrc, n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:1478:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(d->m_dict + TDEFL_LZ_DICT_SIZE + dst_pos, d->m_pSrc, MZ_MIN(n, (TDEFL_MAX_MATCH_LEN - 1) - dst_pos));
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:1826:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)d->m_pOut_buf + d->m_out_buf_ofs, d->m_output_buf + d->m_output_flush_ofs, n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:1998:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)p->m_pBuf + p->m_size, pBuf, len);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:2122:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(out_buf.m_pBuf, pnghdr, 41);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:2200:31: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
#define TINFL_MEMCPY(d, s, l) memcpy(d, s, l)
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:2972:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:2987:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:3017:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:3034:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
#define MZ_FOPEN(f, m) fopen(f, m)
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:3252:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)pArray->m_p + orig_size * pArray->m_element_size, pElements, n * pArray->m_element_size);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:3795:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pBuf, (const mz_uint8 *)pZip->m_pState->m_pMem + file_ofs, s);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:4068:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_filename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:4074:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pStat->m_comment, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE + MZ_READ_LE16(p + MZ_ZIP_CDH_FILENAME_LEN_OFS) + MZ_READ_LE16(p + MZ_ZIP_CDH_EXTRA_LEN_OFS), n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:4878:13: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( pvBuf, pState->pRead_buf, copied_to_caller );
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:4950:17: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy( (uint8_t*)pvBuf + copied_to_caller, pWrite_buf_cur, to_copy );
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:5503:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy((mz_uint8 *)pState->m_pMem + file_ofs, pBuf, n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:5690:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:5995:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[4096];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:6983:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(new_central_header, pSrc_central_header, MZ_ZIP_CENTRAL_DIR_HEADER_SIZE);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:7533:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(pFilename, p + MZ_ZIP_CENTRAL_DIR_HEADER_SIZE, n);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.h:960:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_filename[MZ_ZIP_MAX_ARCHIVE_FILENAME_SIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.h:964:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char m_comment[MZ_ZIP_MAX_ARCHIVE_FILE_COMMENT_SIZE];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/unzip.c:1267:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char szCurrentFileName[UNZ_MAXFILENAMEINZIP+1];
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/unzip.c:1483:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char source[12];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ent1Team[512];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:68:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ent2Team[512];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:963:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char small[64];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:964:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char large[1280];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:998:4: [2] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant string.
strcat(large, "...\n");
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1070:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1189:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char st[80];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1190:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1400];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1218:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text + strlen(text), "And more...\n");
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_func.c:1259:46: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
door_use_areaportals(edict_t *self, qboolean open)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_func.c:1277:36: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gi.SetAreaPortalState(t->style, open);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_items.c:1474:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char data[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_items.c:1538:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(data, start, len);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_items.c:2688:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(itemlist, gameitemlist, sizeof(gameitemlist));
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_main.c:160:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_main.c:173:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_main.c:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char command[256];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_spawn.c:443:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char keyname[256];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_svcmds.c:86:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char num[128];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_svcmds.c:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_target.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_target.c:1016:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char style[2];
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_utils.c:367:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char str[8][32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/game.h:139:53: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void (*SetAreaPortalState)(int portalnum, qboolean open);
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:268:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helpmessage1[512];
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:269:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char helpmessage2[512];
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:278:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spawnpoint[512]; /* needed for coop respawns */
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:300:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level_name[MAX_QPATH]; /* the descriptive name (Outer Base, etc) */
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:301:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapname[MAX_QPATH]; /* the server name (base1, etc) */
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:302:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char nextmap[MAX_QPATH]; /* go here when fraglimit is hit */
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:813:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/src/game/header/local.h:814:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char netname[16];
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/client.c:1638:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/client.c:1945:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(userinfo, "\\name\\badinfo\\skin\\male/grunt");
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:217:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char entry[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:218:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1400];
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:342:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:583:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char funcStr[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_ver[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:778:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_game[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:779:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_os[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:780:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_arch[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:832:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_ver[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:833:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_game[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:834:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_os[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:835:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str_arch[32];
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/tables/gamefunc_decs.h:961:62: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
extern void door_use_areaportals ( edict_t * self , qboolean open ) ;
data/yquake2-7.45+ctf1.07~dfsg/src/server/header/server.h:73:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_QPATH]; /* map name, or cinematic name */
data/yquake2-7.45+ctf1.07~dfsg/src/server/header/server.h:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char configstrings[MAX_CONFIGSTRINGS][MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/header/server.h:112:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING]; /* name, etc */
data/yquake2-7.45+ctf1.07~dfsg/src/server/header/server.h:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[32]; /* extracted from userinfo, high bits masked */
data/yquake2-7.45+ctf1.07~dfsg/src/server/header/server.h:162:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapcmd[MAX_SAVE_TOKEN_CHARS]; /* ie: *intro.cin+base */
data/yquake2-7.45+ctf1.07~dfsg/src/server/header/server.h:226:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:239:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapPath[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:285:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char expanded[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:457:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:470:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(text, "console: ");
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:543:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_conless.c:55:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[64];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_conless.c:152:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char userinfo[MAX_INFO_STRING];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_conless.c:350:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char remaining[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_entities.c:465:2: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(fatpvs, CM_ClusterPVS(leafs[0]), numInt32s << 2);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:77:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:93:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:129:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_game.c:155:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:128:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:215:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(sv.configstrings[CS_AIRACCEL], "%g", sv_airaccelerate->value);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:314:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char idmaster[32];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:418:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char level[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:421:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char spawnpoint[MAX_QPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:92:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char player[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:93:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char status[MAX_MSGLEN - 16];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:37:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:117:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH], name2[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:150:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name + l - 3, "sv2");
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:152:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name2 + l - 3, "sv2");
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:164:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:165:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workdir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:204:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:205:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workdir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:244:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH], string[128];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:245:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workdir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:246:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[32];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:291:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvarname[LATCH_CVAR_SAVELENGTH] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:334:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH], string[128];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:335:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char workdir[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:336:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment[32];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:337:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mapcmd[MAX_SAVE_TOKEN_CHARS];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:361:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char cvarname[LATCH_CVAR_SAVELENGTH] = {0};
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:417:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:29:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sv_outputbuf[SV_OUTPUTBUF_LENGTH];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:53:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:76:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[2048];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:87:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char copy[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_send.c:125:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[1024];
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_user.c:36:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_OSPATH];
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:898:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(small) + strlen(large) > sizeof(large) - 100)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:898:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(small) + strlen(large) > sizeof(large) - 100)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1034:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(text, " ");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1044:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p[strlen(p) - 1] = 0;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1051:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > 150)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_cmds.c:1056:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(text, "\n");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2145:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2162:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(entry + strlen(entry), "ctf 0 %d %d %d %d ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2168:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(entry + strlen(entry), "xv 56 yv %d picn sbfctf2 ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2172:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxsize - len > strlen(entry))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2175:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2186:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(entry + strlen(entry), "ctf 160 %d %d %d %d ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2192:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(entry + strlen(entry), "xv 216 yv %d picn sbfctf1 ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2196:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxsize - len > strlen(entry))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2199:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2238:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2242:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(entry + strlen(entry),
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2250:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (maxsize - len > strlen(entry))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2253:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2267:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), "xv 8 yv %d string \"..and %d more\" ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2273:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:2983:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), "%s with %i cells ",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3002:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(buf + strlen(buf), "%i units of %s",
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3087:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) + strlen(s2) + 3 < sizeof(s))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3087:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) + strlen(s2) + 3 < sizeof(s))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3106:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) + strlen(s2) + 6 < sizeof(s))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3106:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) + strlen(s2) + 6 < sizeof(s))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3142:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
msg[strlen(msg) - 1] = 0;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3156:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + (p - outmsg) < sizeof(outmsg) - 2)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3159:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3167:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + (p - outmsg) < sizeof(outmsg) - 2)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3170:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3178:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + (p - outmsg) < sizeof(outmsg) - 2)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3181:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3189:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + (p - outmsg) < sizeof(outmsg) - 2)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3192:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3200:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + (p - outmsg) < sizeof(outmsg) - 2)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3203:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3212:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(buf) + (p - outmsg) < sizeof(outmsg) - 2)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3215:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p += strlen(buf);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3317:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(levelname + 1, g_edicts[0].message, sizeof(levelname) - 2);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3321:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(levelname + 1, level.mapname, sizeof(levelname) - 2);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3377:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctfgame.emsg, msg, sizeof(ctfgame.emsg) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:3630:4: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(level.forcemap, ctfgame.elevel, sizeof(level.forcemap) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5133:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) < sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5133:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) < sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5182:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) > sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5182:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) > sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5184:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(text + strlen(text), "And more...\n");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5225:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) > sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5225:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) > sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5227:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(text + strlen(text), "And more...\n");
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5282:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(level.forcemap, gi.argv(1), sizeof(level.forcemap) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_ctf.c:5292:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ctfgame.elevel, gi.argv(1), sizeof(ctfgame.elevel) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_misc.c:1827:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(self->message);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:252:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*(char **)p) + 1;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_save.c:321:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*(char **)p) + 1;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c:300:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(string) + 1;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c:423:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(keyname, com_token, sizeof(keyname) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c:565:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(level.mapname, mapname, sizeof(level.mapname) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_spawn.c:566:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(game.spawnpoint, spawnpoint, sizeof(game.spawnpoint) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_target.c:163:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(game.helpmessage1, ent->message, sizeof(game.helpmessage2) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_target.c:167:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(game.helpmessage2, ent->message, sizeof(game.helpmessage1) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_target.c:904:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!self->message || (strlen(self->message) != 2) ||
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/g_utils.c:449:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = gi.TagMalloc(strlen(in) + 1, TAG_LEVEL);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:189:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), "yv %d ", 32 + i * 8);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:193:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = 196 / 2 - strlen(t) * 4 + 64;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:197:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = 64 + (196 - strlen(t) * 8);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:204:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), "xv %d ", x - ((hnd->cur == i) ? 8 : 0));
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:208:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), "string2 \"\x0d%s\" ", t);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:212:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), "string2 \"%s\" ", t);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/menu/menu.c:216:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(string + strlen(string), "string \"%s\" ", t);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1360:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ent->client->pers.netname, s, sizeof(ent->client->pers.netname) - 1);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1403:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/client.c:1409:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(ent->client->pers.userinfo, userinfo,
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:256:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlength = strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:290:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/player/hud.c:305:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(entry);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:684:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = in + strlen(in) - 1;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:702:3: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out, s2 + 1, s - s2);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:715:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = in + strlen(in) - 1;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:722:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(out, in, s - in);
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:735:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src = path + strlen(path) - 1;
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1260:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(start, s, strlen(s) + 1); /* remove this part */
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1316:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(key) > MAX_INFO_KEY - 1) || (strlen(value) > MAX_INFO_KEY - 1))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1316:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(key) > MAX_INFO_KEY - 1) || (strlen(value) > MAX_INFO_KEY - 1))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1324:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!value || !strlen(value))
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1331:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newi) + strlen(s) > maxsize)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1331:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newi) + strlen(s) > maxsize)
data/yquake2-7.45+ctf1.07~dfsg/ctf/src/shared/shared.c:1338:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:142:8: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
len = read(0, text, sizeof(text));
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:268:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(findpattern, "*");
data/yquake2-7.45+ctf1.07~dfsg/src/backends/unix/system.c:273:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(findpattern, "*");
data/yquake2-7.45+ctf1.07~dfsg/src/backends/windows/system.c:253:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
WriteFile(houtput, string, strlen(string), &dummy, NULL);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:628:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
verLen = strlen(version);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:705:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
y = x - strlen(text) - 8;
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:708:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > i)
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:721:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(dlbar);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:751:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
sprintf(dlbar + strlen(dlbar), " %02d%%", cls.downloadpercent);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_console.c:756:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(dlbar); i++)
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:316:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = strlen(cmd) + 2;
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:349:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(mapCmdString); i++)
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:367:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = strlen(key_lines[edit_line]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:369:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = key_linepos + strlen(cmdArg);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:491:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_lines[edit_line]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:518:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_lines[edit_line]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:568:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
key_linepos = (int)strlen(key_lines[edit_line]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:584:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(key_lines[edit_line]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:820:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(binding);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:924:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_keyboard.c:1033:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int lastCharIdx = strlen(key_lines[i])-1;
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_lights.c:90:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = (int)strlen(s);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:209:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (buf.cursize + strlen(cl.configstrings[i]) + 32 > buf.maxsize)
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:271:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, "=");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_main.c:276:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(buffer, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:248:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(message, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:253:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(message, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:262:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(rcon_address->string))
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:279:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
NET_SendPacket(NS_CLIENT, strlen(message) + 1, message, to);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:336:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Netchan_Transmit(&cls.netchan, strlen((const char *)final), final);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:337:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Netchan_Transmit(&cls.netchan, strlen((const char *)final), final);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:338:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Netchan_Transmit(&cls.netchan, strlen((const char *)final), final);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_network.c:411:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(in);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:960:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(skin_name, s + strlen(model_name) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_parse.c:1078:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
length = strlen(s);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:948:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = (int)strlen(num);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:1444:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DrawStringScaled(viddef.width - scale*(strlen(str)*8 + 2), 0, str, scale);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:1475:42: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DrawStringScaled(viddef.width - scale*(strlen(str)*8 + 2), 0, str, scale);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_screen.c:1481:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
DrawStringScaled(viddef.width - scale*(strlen(str)*8 + 2), scale*10, str, scale);
data/yquake2-7.45+ctf1.07~dfsg/src/client/cl_view.c:255:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mapname[strlen(mapname) - 4] = 0; /* cut off ".bsp" */
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:126:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (filePath);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:153:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(escaped);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:200:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(entry->quakePath);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:305:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t length = strlen(path);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:603:19: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dl->queueEntry->quakePath);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:657:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dl->queueEntry->quakePath);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:719:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
i = strlen(tempName);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:804:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(q->quakePath);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:974:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t urllen = strlen(URL);
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:976:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
YQ2_COM_CHECK_OOM(cleanURL, "strdup(URL)", strlen(URL))
data/yquake2-7.45+ctf1.07~dfsg/src/client/curl/download.c:1101:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen (quakePath);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:812:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(command);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:839:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(command);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:906:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = strlen(name) * 8;
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:1845:45: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
x = (viddef.width / scale- (int)strlen(credits[i]) * 8 - stringoffset *
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2003:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mods_statusbar, "\0");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2416:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(tmp) > 12)
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2478:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(m_loadsave_statusbar) + strlen(str) >=
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:2478:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(m_loadsave_statusbar) + strlen(str) >=
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3205:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(shortname);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3215:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
mapnames[i] = malloc(strlen(scratch) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3216:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
YQ2_COM_CHECK_OOM(mapnames, "malloc()", strlen(scratch)+1)
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3316:9: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s_maxclients_field.buffer, "8");
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:3332:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_hostname_field.cursor = strlen(s_hostname_field.buffer);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/menu.c:4475:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s_player_name_field.cursor = strlen(name->string);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:248:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(&f->buffer[f->cursor]) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:262:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strlen(&f->buffer[f->cursor + 1]) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:483:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int l = (int)strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:501:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++)
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:513:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++)
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:525:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++)
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:527:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Draw_CharScaled(x - i * 8 * scale, y * scale, string[strlen(string) - i - 1], scale);
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:537:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = 0; i < strlen(string); i++)
data/yquake2-7.45+ctf1.07~dfsg/src/client/menu/qmenu.c:539:56: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Draw_CharScaled(x - i * 8 * scale, y * scale, string[strlen(string) - i - 1] + 128, scale);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:363:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int (*read) (void *user,char *data,int size); // fill 'data' with 'size' bytes. return number of bytes actually read
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1455:19: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int n = (s->io.read)(s->io_user_data,(char*)s->buffer_start,s->buflen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1482:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1498:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1511:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
if (s->io.read) {
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/files/stb_image.h:1518:25: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
count = (s->io.read)(s->io_user_data, (char*) buffer + blen, n - blen);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:871:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= sizeof(image->name))
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1054:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_image.c:1058:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(namewe, name, len - (strlen(ext) + 1));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl1/gl1_main.c:967:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gl1_stereo_anaglyph_colors->string) == 2) {
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:407:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= sizeof(image->name))
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:638:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_image.c:642:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(namewe, name, len - (strlen(ext) + 1));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_main.c:1393:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gl1_stereo_anaglyph_colors->string) == 2) {
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/gl3_sdl.c:164:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(gl3_libgl->string) == 0)
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/glad/src/glad.c:92:32: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
terminator = loc + strlen(ext);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/gl3/glad/src/glad.c:835:31: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const size_t length = strlen(prefixes[i]);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:181:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= sizeof(image->name))
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:453:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_image.c:457:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memcpy(namewe, name, len - (strlen(ext) + 1));
data/yquake2-7.45+ctf1.07~dfsg/src/client/refresh/soft/sw_main.c:1709:2: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy (skyname, name, sizeof(skyname)-1);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/header/stb_vorbis.h:1327:12: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
int c = fgetc(z->f);
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/qal.c:181:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
devs += strlen(devs) + 1;
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:166:49: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
static const size_t base_sound_string_length = strlen("sound/");
data/yquake2-7.45+ctf1.07~dfsg/src/client/sound/sound.c:320:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(name) >= MAX_QPATH)
data/yquake2-7.45+ctf1.07~dfsg/src/client/vid/vid.c:108:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int qualityStrLen = strlen(q);
data/yquake2-7.45+ctf1.07~dfsg/src/common/argproc.c:96:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!argv[i] || (strlen(argv[i]) >= MAX_TOKEN_CHARS))
data/yquake2-7.45+ctf1.07~dfsg/src/common/argproc.c:143:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = Z_Malloc((int)strlen(in) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/common/clientserver.c:94:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((msgLen + strlen(rd_buffer)) > (rd_buffersize - 1))
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:88:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(text);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:96:28: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SZ_Write(&cmd_text, text, strlen(text));
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:311:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(COM_Argv(i)) + 1;
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:328:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(text, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:350:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(build, "\n");
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:464:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s) >= MAX_ALIAS_NAME)
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:499:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:503:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(cmd, "\n");
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:547:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(scan);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:585:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(token);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:677:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(cmd_args) - 1;
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:702:34: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
cmd_argv[cmd_argc] = Z_Malloc(strlen(com_token) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:805:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:889:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(retval, "");
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:898:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (p > strlen(pmatch[o]))
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:930:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(partial);
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:932:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memset(retval, 0, strlen(retval));
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:974:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (j = 0; j < strlen(pmatch[0]); j++)
data/yquake2-7.45+ctf1.07~dfsg/src/common/cmdparser.c:978:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (j >= strlen(pmatch[k]) || pmatch[0][j] != pmatch[k][j])
data/yquake2-7.45+ctf1.07~dfsg/src/common/collision.c:1624:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
nameLen = strlen(name);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:949:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(Cmd_Argv(2)) == 0)
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:970:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l->length = strlen(l->from);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:994:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s) - 1] != '.')
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1023:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (s[strlen(s) - 1] != '.')
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1053:39: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((canthave & SFF_SUBDIR) && (name[strlen(name) - 1] == '/'))
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1174:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
list[j] = strdup(tmplist[i] + strlen(search->path) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1358:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pak + strlen(pak) - strlen(fs_packtypes[i].suffix), fs_packtypes[i].suffix, strlen(fs_packtypes[i].suffix)))
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1358:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pak + strlen(pak) - strlen(fs_packtypes[i].suffix), fs_packtypes[i].suffix, strlen(fs_packtypes[i].suffix)))
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1358:91: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strncmp(pak + strlen(pak) - strlen(fs_packtypes[i].suffix), fs_packtypes[i].suffix, strlen(fs_packtypes[i].suffix)))
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1425:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t len = strlen(dir);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1774:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if (strlen(datadir) == 0)
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1776:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(datadir, ".");
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1824:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
searchpathlength = strlen(search->path);
data/yquake2-7.45+ctf1.07~dfsg/src/common/filesystem.c:1880:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
modnames[nmods] = malloc(strlen(modname) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/common/frame.c:94:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
verLen = strlen(versionString);
data/yquake2-7.45+ctf1.07~dfsg/src/common/movemsg.c:259:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SZ_Write(sb, s, (int)strlen(s) + 1);
data/yquake2-7.45+ctf1.07~dfsg/src/common/netchan.c:158:37: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
Netchan_OutOfBand(net_socket, adr, strlen(string), (byte *)string);
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:686:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = in + strlen(in) - 1;
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:717:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s = in + strlen(in) - 1;
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:737:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
src = path + strlen(path) - 1;
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1315:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
memmove(start, s, strlen(s) + 1); /* remove this part */
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1371:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(key) > MAX_INFO_KEY - 1) || (strlen(value) > MAX_INFO_KEY - 1))
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1371:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(key) > MAX_INFO_KEY - 1) || (strlen(value) > MAX_INFO_KEY - 1))
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1379:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!value || !strlen(value))
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1386:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newi) + strlen(s) > maxsize)
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1386:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(newi) + strlen(s) > maxsize)
data/yquake2-7.45+ctf1.07~dfsg/src/common/shared/shared.c:1393:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
s += strlen(s);
data/yquake2-7.45+ctf1.07~dfsg/src/common/szone.c:84:13: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = (int)strlen(data) + 1;
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:4192:43: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
const mz_uint filename_len = (mz_uint)strlen(pFilename);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:4254:16: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
name_len = strlen(pName);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:4258:30: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
comment_len = pComment ? strlen(pComment) : 0;
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:5164:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (local_header_filename_len != strlen(file_stat.m_filename))
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:6087:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/miniz.c:6357:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
archive_name_size = strlen(pArchive_name);
data/yquake2-7.45+ctf1.07~dfsg/src/common/unzip/unzip.c:1250:9: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(szFileName)>=UNZ_MAXFILENAMEINZIP)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:995:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(small) + strlen(large) > sizeof(large) - 100)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:995:23: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(small) + strlen(large) > sizeof(large) - 100)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1100:3: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(text, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1110:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p[strlen(p) - 1] = 0;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1117:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) > 150)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1122:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(text, "\n");
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1216:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) > sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1216:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(text) + strlen(st) > sizeof(text) - 50)
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_cmds.c:1218:18: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
strcpy(text + strlen(text), "And more...\n");
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_misc.c:2227:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(self->message);
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_spawn.c:337:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(string) + 1;
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_target.c:1101:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!self->message || (strlen(self->message) != 2) ||
data/yquake2-7.45+ctf1.07~dfsg/src/game/g_utils.c:492:21: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
out = gi.TagMalloc(strlen(in) + 1, TAG_LEVEL);
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/client.c:1996:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(s))
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:269:17: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
stringlength = strlen(string);
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:308:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(entry);
data/yquake2-7.45+ctf1.07~dfsg/src/game/player/hud.c:324:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
j = strlen(entry);
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:413:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*(char **)p) + 1;
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:476:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(func->funcStr)+1;
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:496:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mmove->mmoveStr)+1;
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:527:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(*(char **)p) + 1;
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:543:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(func->funcStr)+1;
data/yquake2-7.45+ctf1.07~dfsg/src/game/savegame/savegame.c:558:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(mmove->mmoveStr)+1;
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:258:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
map[strlen(map)-4] = '\0'; // cut off ".bsp"
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:425:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = 16 - strlen(cl->name);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:436:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = 22 - strlen(s);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_cmd.c:476:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
p[strlen(p) - 1] = 0;
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_conless.c:328:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (!strlen(rcon_password->string))
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_conless.c:379:4: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(remaining, " ");
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:220:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(sv.configstrings[CS_AIRACCEL], "0");
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_init.c:469:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(level);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:100:2: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(status, "\n");
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:101:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
statusLength = (int)strlen(status);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:111:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
playerLength = (int)strlen(player);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:548:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val))
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_main.c:571:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (strlen(val))
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:136:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
len = strlen(name);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:149:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(name);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:151:7: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
l = strlen(name2);
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:297:8: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((strlen(var->name) >= sizeof(cvarname) - 1) ||
data/yquake2-7.45+ctf1.07~dfsg/src/server/sv_save.c:298:5: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
(strlen(var->string) >= sizeof(string) - 1))
data/yquake2-7.45+ctf1.07~dfsg/src/win-wrapper/wrapper.c:59:51: [1] (buffer) wcslen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int maxLenSafe = sizeof(exePath)/sizeof(WCHAR) - wcslen(WRAPPED_EXE);
ANALYSIS SUMMARY:
Hits = 1473
Lines analyzed = 228007 in approximately 5.07 seconds (44992 lines/second)
Physical Source Lines of Code (SLOC) = 169176
Hits@level = [0] 193 [1] 290 [2] 794 [3] 181 [4] 199 [5] 9
Hits@level+ = [0+] 1666 [1+] 1473 [2+] 1183 [3+] 389 [4+] 208 [5+] 9
Hits/KSLOC@level+ = [0+] 9.84773 [1+] 8.70691 [2+] 6.99272 [3+] 2.29938 [4+] 1.22949 [5+] 0.053199
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.