Flawfinder version 1.27, (C) 2001-2004 David A. Wheeler.
Number of dangerous functions in C/C++ ruleset: 160
Examining src/wui/text_layout.cc
Examining src/wui/interactive_base.h
Examining src/wui/militarysitewindow.cc
Examining src/wui/building_statistics_menu.cc
Examining src/wui/chatoverlay.h
Examining src/wui/game_summary.h
Examining src/wui/game_message_menu.h
Examining src/wui/game_objectives_menu.h
Examining src/wui/game_main_menu.h
Examining src/wui/watchwindow.cc
Examining src/wui/ware_statistics_menu.h
Examining src/wui/buildingwindow.cc
Examining src/wui/fieldaction.cc
Examining src/wui/debugconsole.h
Examining src/wui/multiplayersetupgroup.h
Examining src/wui/game_message_menu.cc
Examining src/wui/game_options_menu.cc
Examining src/wui/watchwindow.h
Examining src/wui/actionconfirm.cc
Examining src/wui/waresqueuedisplay.cc
Examining src/wui/encyclopedia_window.cc
Examining src/wui/playerdescrgroup.cc
Examining src/wui/game_main_menu_save_game.cc
Examining src/wui/general_statistics_menu.cc
Examining src/wui/logmessage.h
Examining src/wui/soldiercapacitycontrol.h
Examining src/wui/itemwaresdisplay.h
Examining src/wui/portdockwaresdisplay.h
Examining src/wui/story_message_box.h
Examining src/wui/text_layout.h
Examining src/wui/trainingsitewindow.cc
Examining src/wui/waresdisplay.cc
Examining src/wui/game_options_menu.h
Examining src/wui/game_objectives_menu.cc
Examining src/wui/attack_box.cc
Examining src/wui/interactive_spectator.h
Examining src/wui/quicknavigation.h
Examining src/wui/unique_window_handler.h
Examining src/wui/transport_draw.cc
Examining src/wui/dismantlesitewindow.cc
Examining src/wui/transport_ui.cc
Examining src/wui/interactive_player.h
Examining src/wui/text_constants.h
Examining src/wui/plot_area.cc
Examining src/wui/game_options_sound_menu.cc
Examining src/wui/unique_window_handler.cc
Examining src/wui/mapview.h
Examining src/wui/game_tips.cc
Examining src/wui/soldierlist.cc
Examining src/wui/game_tips.h
Examining src/wui/productionsitewindow.cc
Examining src/wui/gamechatpanel.h
Examining src/wui/playerdescrgroup.h
Examining src/wui/building_statistics_menu.h
Examining src/wui/itemwaresdisplay.cc
Examining src/wui/stock_menu.cc
Examining src/wui/buildingwindow.h
Examining src/wui/constructionsitewindow.cc
Examining src/wui/fieldaction.h
Examining src/wui/stock_menu.h
Examining src/wui/plot_area.h
Examining src/wui/game_chat_menu.cc
Examining src/wui/waresqueuedisplay.h
Examining src/wui/login_box.h
Examining src/wui/chat_msg_layout.h
Examining src/wui/ware_statistics_menu.cc
Examining src/wui/multiplayersetupgroup.cc
Examining src/wui/vector.h
Examining src/wui/encyclopedia_window.h
Examining src/wui/actionconfirm.h
Examining src/wui/mapviewpixelconstants.h
Examining src/wui/chat_msg_layout.cc
Examining src/wui/game_debug_ui.cc
Examining src/wui/soldierlist.h
Examining src/wui/interactive_spectator.cc
Examining src/wui/debugconsole.cc
Examining src/wui/building_ui.cc
Examining src/wui/interactive_gamebase.h
Examining src/wui/waresdisplay.h
Examining src/wui/portdockwaresdisplay.cc
Examining src/wui/game_options_sound_menu.h
Examining src/wui/attack_box.h
Examining src/wui/mapviewpixelfunctions.cc
Examining src/wui/interactive_base.cc
Examining src/wui/mapviewpixelfunctions.h
Examining src/wui/interactive_gamebase.cc
Examining src/wui/game_main_menu_save_game.h
Examining src/wui/story_message_box.cc
Examining src/wui/game_main_menu.cc
Examining src/wui/minimap.h
Examining src/wui/chatoverlay.cc
Examining src/wui/interactive_player.cc
Examining src/wui/quicknavigation.cc
Examining src/wui/game_summary.cc
Examining src/wui/general_statistics_menu.h
Examining src/wui/overlay_manager.cc
Examining src/wui/login_box.cc
Examining src/wui/soldiercapacitycontrol.cc
Examining src/wui/minimap.cc
Examining src/wui/mapview.cc
Examining src/wui/shipwindow.cc
Examining src/wui/gamechatpanel.cc
Examining src/wui/warehousewindow.cc
Examining src/wui/overlay_manager.h
Examining src/wui/game_chat_menu.h
Examining src/wui/game_debug_ui.h
Examining src/wui/productionsitewindow.h
Examining src/economy/supply_list.cc
Examining src/economy/shippingitem.h
Examining src/economy/flag.cc
Examining src/economy/router.cc
Examining src/economy/request.cc
Examining src/economy/supply.h
Examining src/economy/ware_instance.cc
Examining src/economy/iroute.h
Examining src/economy/shippingitem.cc
Examining src/economy/fleet.cc
Examining src/economy/road.h
Examining src/economy/economy.cc
Examining src/economy/portdock.h
Examining src/economy/transfer.cc
Examining src/economy/trackptr.h
Examining src/economy/ware_instance.h
Examining src/economy/flag.h
Examining src/economy/economy_data_packet.h
Examining src/economy/portdock.cc
Examining src/economy/cmd_call_economy_balance.h
Examining src/economy/fleet.h
Examining src/economy/itransport_cost_calculator.h
Examining src/economy/economy_data_packet.cc
Examining src/economy/test/economy_test_main.cc
Examining src/economy/test/test_routing.cc
Examining src/economy/test/test_economy.cc
Examining src/economy/test/test_road.cc
Examining src/economy/routeastar.cc
Examining src/economy/economy.h
Examining src/economy/route.cc
Examining src/economy/wares_queue.h
Examining src/economy/route.h
Examining src/economy/request.h
Examining src/economy/transfer.h
Examining src/economy/router.h
Examining src/economy/warehousesupply.h
Examining src/economy/road.cc
Examining src/economy/routing_node.h
Examining src/economy/supply_list.h
Examining src/economy/cmd_call_economy_balance.cc
Examining src/economy/routeastar.h
Examining src/economy/wares_queue.cc
Examining src/economy/idleworkersupply.h
Examining src/economy/idleworkersupply.cc
Examining src/game_io/game_player_info_data_packet.h
Examining src/game_io/game_map_data_packet.cc
Examining src/game_io/game_data_packet.h
Examining src/game_io/game_saver.h
Examining src/game_io/game_game_class_data_packet.cc
Examining src/game_io/game_game_class_data_packet.h
Examining src/game_io/game_interactive_player_data_packet.cc
Examining src/game_io/game_interactive_player_data_packet.h
Examining src/game_io/game_preload_data_packet.cc
Examining src/game_io/game_loader.h
Examining src/game_io/game_preload_data_packet.h
Examining src/game_io/game_loader.cc
Examining src/game_io/game_cmd_queue_data_packet.cc
Examining src/game_io/game_map_data_packet.h
Examining src/game_io/game_saver.cc
Examining src/game_io/game_player_economies_data_packet.h
Examining src/game_io/game_cmd_queue_data_packet.h
Examining src/game_io/game_player_info_data_packet.cc
Examining src/game_io/game_player_economies_data_packet.cc
Examining src/map_io/widelands_map_terrain_data_packet.cc
Examining src/map_io/widelands_map_road_data_packet.cc
Examining src/map_io/one_world_legacy_lookup_table.h
Examining src/map_io/s2map.cc
Examining src/map_io/widelands_map_heights_data_packet.h
Examining src/map_io/map_loader.h
Examining src/map_io/widelands_map_resources_data_packet.cc
Examining src/map_io/widelands_map_objective_data_packet.cc
Examining src/map_io/widelands_map_player_names_and_tribes_data_packet.h
Examining src/map_io/widelands_map_port_spaces_data_packet.h
Examining src/map_io/widelands_map_saver.cc
Examining src/map_io/widelands_map_flagdata_data_packet.cc
Examining src/map_io/widelands_map_player_position_data_packet.h
Examining src/map_io/widelands_map_players_view_data_packet.h
Examining src/map_io/widelands_map_map_object_saver.h
Examining src/map_io/widelands_map_building_data_packet.h
Examining src/map_io/widelands_map_allowed_worker_types_data_packet.h
Examining src/map_io/widelands_map_allowed_building_types_data_packet.h
Examining src/map_io/widelands_map_roaddata_data_packet.h
Examining src/map_io/widelands_map_version_data_packet.h
Examining src/map_io/widelands_map_extradata_data_packet.cc
Examining src/map_io/widelands_map_road_data_packet.h
Examining src/map_io/widelands_map_player_position_data_packet.cc
Examining src/map_io/widelands_map_heights_data_packet.cc
Examining src/map_io/widelands_map_map_object_saver.cc
Examining src/map_io/widelands_map_object_packet.h
Examining src/map_io/one_world_legacy_lookup_table.cc
Examining src/map_io/widelands_map_scripting_data_packet.h
Examining src/map_io/widelands_map_flag_data_packet.h
Examining src/map_io/widelands_map_roaddata_data_packet.cc
Examining src/map_io/widelands_map_elemental_data_packet.cc
Examining src/map_io/widelands_map_buildingdata_data_packet.cc
Examining src/map_io/s2map.h
Examining src/map_io/widelands_map_objective_data_packet.h
Examining src/map_io/widelands_map_node_ownership_data_packet.cc
Examining src/map_io/widelands_map_message_saver.h
Examining src/map_io/widelands_map_flag_data_packet.cc
Examining src/map_io/widelands_map_bob_data_packet.cc
Examining src/map_io/widelands_map_elemental_data_packet.h
Examining src/map_io/widelands_map_allowed_worker_types_data_packet.cc
Examining src/map_io/widelands_map_terrain_data_packet.h
Examining src/map_io/widelands_map_flagdata_data_packet.h
Examining src/map_io/widelands_map_map_object_loader.h
Examining src/map_io/widelands_map_players_view_data_packet.cc
Examining src/map_io/widelands_map_map_object_loader.cc
Examining src/map_io/widelands_map_players_messages_data_packet.cc
Examining src/map_io/widelands_map_scripting_data_packet.cc
Examining src/map_io/widelands_map_exploration_data_packet.cc
Examining src/map_io/widelands_map_allowed_building_types_data_packet.cc
Examining src/map_io/widelands_map_extradata_data_packet.h
Examining src/map_io/widelands_map_port_spaces_data_packet.cc
Examining src/map_io/widelands_map_saver.h
Examining src/map_io/widelands_map_node_ownership_data_packet.h
Examining src/map_io/widelands_map_loader.cc
Examining src/map_io/widelands_map_data_packet.h
Examining src/map_io/widelands_map_buildingdata_data_packet.h
Examining src/map_io/widelands_map_bob_data_packet.h
Examining src/map_io/widelands_map_loader.h
Examining src/map_io/widelands_map_version_data_packet.cc
Examining src/map_io/widelands_map_building_data_packet.cc
Examining src/map_io/coords_profile.cc
Examining src/map_io/widelands_map_player_names_and_tribes_data_packet.cc
Examining src/map_io/widelands_map_players_messages_data_packet.h
Examining src/map_io/widelands_map_exploration_data_packet.h
Examining src/map_io/widelands_map_object_packet.cc
Examining src/map_io/widelands_map_resources_data_packet.h
Examining src/map_io/coords_profile.h
Examining src/main.cc
Examining src/third_party/eris/lbitlib.c
Examining src/third_party/eris/ldump.c
Examining src/third_party/eris/lzio.c
Examining src/third_party/eris/ltable.h
Examining src/third_party/eris/lvm.c
Examining src/third_party/eris/ltm.c
Examining src/third_party/eris/ldblib.c
Examining src/third_party/eris/loslib.c
Examining src/third_party/eris/ldo.h
Examining src/third_party/eris/lopcodes.c
Examining src/third_party/eris/lua.h
Examining src/third_party/eris/lcorolib.c
Examining src/third_party/eris/lapi.c
Examining src/third_party/eris/lapi.h
Examining src/third_party/eris/lobject.h
Examining src/third_party/eris/lstring.c
Examining src/third_party/eris/lobject.c
Examining src/third_party/eris/lcode.h
Examining src/third_party/eris/eris.h
Examining src/third_party/eris/ldebug.h
Examining src/third_party/eris/liolib.c
Examining src/third_party/eris/ldo.c
Examining src/third_party/eris/lctype.c
Examining src/third_party/eris/lfunc.h
Examining src/third_party/eris/ltm.h
Examining src/third_party/eris/luaconf.h
Examining src/third_party/eris/lgc.h
Examining src/third_party/eris/eris.c
Examining src/third_party/eris/lmem.h
Examining src/third_party/eris/lopcodes.h
Examining src/third_party/eris/lparser.c
Examining src/third_party/eris/lstrlib.c
Examining src/third_party/eris/ltablib.c
Examining src/third_party/eris/llimits.h
Examining src/third_party/eris/lstring.h
Examining src/third_party/eris/linit.c
Examining src/third_party/eris/lzio.h
Examining src/third_party/eris/lauxlib.h
Examining src/third_party/eris/ldebug.c
Examining src/third_party/eris/lstate.h
Examining src/third_party/eris/lctype.h
Examining src/third_party/eris/lvm.h
Examining src/third_party/eris/lfunc.c
Examining src/third_party/eris/llex.c
Examining src/third_party/eris/lmathlib.c
Examining src/third_party/eris/llex.h
Examining src/third_party/eris/lundump.h
Examining src/third_party/eris/lgc.c
Examining src/third_party/eris/lualib.h
Examining src/third_party/eris/lbaselib.c
Examining src/third_party/eris/lcode.c
Examining src/third_party/eris/ltable.c
Examining src/third_party/eris/lparser.h
Examining src/third_party/eris/lundump.c
Examining src/third_party/eris/lstate.c
Examining src/third_party/eris/loadlib.c
Examining src/third_party/eris/lauxlib.c
Examining src/third_party/eris/lua.hpp
Examining src/third_party/eris/lmem.c
Examining src/third_party/minizip/zip.h
Examining src/third_party/minizip/unzip.cc
Examining src/third_party/minizip/ioapi.h
Examining src/third_party/minizip/unzip.h
Examining src/editor/tools/editor_set_resources_tool.cc
Examining src/editor/tools/editor_increase_height_tool.h
Examining src/editor/tools/editor_set_terrain_tool.h
Examining src/editor/tools/editor_increase_resources_tool.cc
Examining src/editor/tools/editor_delete_bob_tool.cc
Examining src/editor/tools/editor_set_height_tool.cc
Examining src/editor/tools/editor_place_bob_tool.h
Examining src/editor/tools/editor_action_args.h
Examining src/editor/tools/editor_place_bob_tool.cc
Examining src/editor/tools/editor_info_tool.h
Examining src/editor/tools/editor_place_immovable_tool.h
Examining src/editor/tools/editor_history.h
Examining src/editor/tools/editor_history.cc
Examining src/editor/tools/editor_set_port_space_tool.cc
Examining src/editor/tools/editor_make_infrastructure_tool.h
Examining src/editor/tools/editor_noise_height_tool.cc
Examining src/editor/tools/editor_decrease_resources_tool.cc
Examining src/editor/tools/editor_noise_height_tool.h
Examining src/editor/tools/editor_delete_immovable_tool.h
Examining src/editor/tools/editor_delete_immovable_tool.cc
Examining src/editor/tools/editor_set_resources_tool.h
Examining src/editor/tools/editor_draw_tool.h
Examining src/editor/tools/editor_delete_bob_tool.h
Examining src/editor/tools/editor_set_terrain_tool.cc
Examining src/editor/tools/editor_set_port_space_tool.h
Examining src/editor/tools/editor_set_height_tool.h
Examining src/editor/tools/editor_decrease_height_tool.h
Examining src/editor/tools/editor_decrease_height_tool.cc
Examining src/editor/tools/editor_set_origin_tool.cc
Examining src/editor/tools/editor_tool_action.h
Examining src/editor/tools/editor_set_origin_tool.h
Examining src/editor/tools/editor_place_immovable_tool.cc
Examining src/editor/tools/editor_decrease_resources_tool.h
Examining src/editor/tools/multi_select.h
Examining src/editor/tools/editor_draw_tool.cc
Examining src/editor/tools/editor_make_infrastructure_tool.cc
Examining src/editor/tools/editor_set_starting_pos_tool.h
Examining src/editor/tools/editor_increase_height_tool.cc
Examining src/editor/tools/editor_tool.h
Examining src/editor/tools/editor_set_starting_pos_tool.cc
Examining src/editor/tools/editor_increase_resources_tool.h
Examining src/editor/tools/editor_info_tool.cc
Examining src/editor/map_generator.h
Examining src/editor/ui_menus/editor_main_menu_random_map.cc
Examining src/editor/ui_menus/editor_player_menu_allowed_buildings_menu.cc
Examining src/editor/ui_menus/editor_player_menu.cc
Examining src/editor/ui_menus/editor_tool_place_immovable_options_menu.h
Examining src/editor/ui_menus/editor_main_menu_random_map.h
Examining src/editor/ui_menus/editor_tool_noise_height_options_menu.h
Examining src/editor/ui_menus/editor_main_menu.h
Examining src/editor/ui_menus/editor_tool_set_terrain_options_menu.cc
Examining src/editor/ui_menus/editor_main_menu_load_map.cc
Examining src/editor/ui_menus/editor_toolsize_menu.h
Examining src/editor/ui_menus/editor_tool_change_height_options_menu.cc
Examining src/editor/ui_menus/editor_main_menu_save_map_make_directory.h
Examining src/editor/ui_menus/editor_main_menu_map_options.h
Examining src/editor/ui_menus/editor_tool_options_menu.cc
Examining src/editor/ui_menus/editor_main_menu_load_map.h
Examining src/editor/ui_menus/editor_tool_place_immovable_options_menu.cc
Examining src/editor/ui_menus/editor_main_menu_new_map.cc
Examining src/editor/ui_menus/categorized_item_selection_menu.h
Examining src/editor/ui_menus/editor_tool_change_height_options_menu.h
Examining src/editor/ui_menus/editor_main_menu_save_map.cc
Examining src/editor/ui_menus/editor_tool_place_bob_options_menu.h
Examining src/editor/ui_menus/editor_toolsize_menu.cc
Examining src/editor/ui_menus/editor_player_menu_allowed_buildings_menu.h
Examining src/editor/ui_menus/editor_tool_place_bob_options_menu.cc
Examining src/editor/ui_menus/editor_main_menu_map_options.cc
Examining src/editor/ui_menus/editor_player_menu.h
Examining src/editor/ui_menus/editor_main_menu_save_map.h
Examining src/editor/ui_menus/editor_tool_menu.cc
Examining src/editor/ui_menus/editor_main_menu.cc
Examining src/editor/ui_menus/editor_tool_menu.h
Examining src/editor/ui_menus/editor_tool_options_menu.h
Examining src/editor/ui_menus/editor_main_menu_save_map_make_directory.cc
Examining src/editor/ui_menus/editor_tool_noise_height_options_menu.cc
Examining src/editor/ui_menus/editor_main_menu_new_map.h
Examining src/editor/ui_menus/editor_tool_change_resources_options_menu.cc
Examining src/editor/ui_menus/editor_tool_change_resources_options_menu.h
Examining src/editor/ui_menus/editor_tool_set_terrain_options_menu.h
Examining src/editor/editorinteractive.h
Examining src/editor/map_generator.cc
Examining src/editor/editorinteractive.cc
Examining src/graphic/image_cache.cc
Examining src/graphic/align.cc
Examining src/graphic/font_handler.cc
Examining src/graphic/texture.cc
Examining src/graphic/image.h
Examining src/graphic/surface.cc
Examining src/graphic/render/sdl_helper.cc
Examining src/graphic/render/gamerenderer_gl.h
Examining src/graphic/render/gamerenderer_gl.cc
Examining src/graphic/render/gamerenderer_sdl.h
Examining src/graphic/render/sdl_surface.h
Examining src/graphic/render/gamerenderer.cc
Examining src/graphic/render/minimaprenderer.cc
Examining src/graphic/render/gl_surface_screen.cc
Examining src/graphic/render/gl_surface_screen.h
Examining src/graphic/render/gamerenderer_sdl.cc
Examining src/graphic/render/gl_surface_texture.h
Examining src/graphic/render/terrain_sdl.cc
Examining src/graphic/render/minimaprenderer.h
Examining src/graphic/render/gl_utils.cc
Examining src/graphic/render/sdl_helper.h
Examining src/graphic/render/gl_utils.h
Examining src/graphic/render/vertex.h
Examining src/graphic/render/gamerenderer.h
Examining src/graphic/render/gl_surface.cc
Examining src/graphic/render/sdl_surface.cc
Examining src/graphic/render/gl_surface.h
Examining src/graphic/render/terrain_sdl.h
Examining src/graphic/render/gl_surface_texture.cc
Examining src/graphic/wordwrap.h
Examining src/graphic/image_io.cc
Examining src/graphic/font_handler.h
Examining src/graphic/surface.h
Examining src/graphic/in_memory_image.cc
Examining src/graphic/graphic.h
Examining src/graphic/animation.h
Examining src/graphic/image_io.h
Examining src/graphic/text_parser.cc
Examining src/graphic/rendertarget.cc
Examining src/graphic/richtext.h
Examining src/graphic/diranimations.h
Examining src/graphic/texture.h
Examining src/graphic/font.cc
Examining src/graphic/wordwrap.cc
Examining src/graphic/align.h
Examining src/graphic/surface_cache.cc
Examining src/graphic/font_handler1.h
Examining src/graphic/text_parser.h
Examining src/graphic/compositemode.h
Examining src/graphic/image_transformations.cc
Examining src/graphic/colormap.cc
Examining src/graphic/image_transformations.h
Examining src/graphic/graphic.cc
Examining src/graphic/richtext.cc
Examining src/graphic/color.cc
Examining src/graphic/font_handler1.cc
Examining src/graphic/font.h
Examining src/graphic/image_cache.h
Examining src/graphic/default_resolution.h
Examining src/graphic/color.h
Examining src/graphic/surface_cache.h
Examining src/graphic/in_memory_image.h
Examining src/graphic/colormap.h
Examining src/graphic/text/textstream.cc
Examining src/graphic/text/rt_errors.h
Examining src/graphic/text/rt_errors_impl.h
Examining src/graphic/text/rt_render.h
Examining src/graphic/text/rt_parse.cc
Examining src/graphic/text/font_io.cc
Examining src/graphic/text/sdl_ttf_font.h
Examining src/graphic/text/font_io.h
Examining src/graphic/text/test/render.h
Examining src/graphic/text/test/render.cc
Examining src/graphic/text/test/render_richtext.cc
Examining src/graphic/text/rt_render.cc
Examining src/graphic/text/sdl_ttf_font.cc
Examining src/graphic/text/rt_parse.h
Examining src/graphic/text/textstream.h
Examining src/graphic/rendertarget.h
Examining src/graphic/animation.cc
Examining src/chat/chat.h
Examining src/chat/chat.cc
Examining src/base/scoped_timer.cc
Examining src/base/deprecated.h
Examining src/base/exceptions.cc
Examining src/base/md5.h
Examining src/base/warning.h
Examining src/base/rect.cc
Examining src/base/rect.h
Examining src/base/point.h
Examining src/base/macros.h
Examining src/base/point.cc
Examining src/base/wexception.h
Examining src/base/macros.cc
Examining src/base/scoped_timer.h
Examining src/base/time_string.h
Examining src/base/i18n.cc
Examining src/base/i18n.h
Examining src/base/log.h
Examining src/base/log.cc
Examining src/base/utf8.h
Examining src/base/md5.cc
Examining src/base/time_string.cc
Examining src/base/deprecated.cc
Examining src/network/network_lan_promotion.cc
Examining src/network/internet_gaming_messages.cc
Examining src/network/network.h
Examining src/network/network_player_settings_backend.h
Examining src/network/nethost.cc
Examining src/network/network.cc
Examining src/network/internet_gaming.h
Examining src/network/netclient.cc
Examining src/network/network_gaming_messages.cc
Examining src/network/network_player_settings_backend.cc
Examining src/network/network_protocol.h
Examining src/network/network_lan_promotion.h
Examining src/network/netclient.h
Examining src/network/constants.h
Examining src/network/nethost.h
Examining src/network/internet_gaming.cc
Examining src/network/network_gaming_messages.h
Examining src/network/internet_gaming_messages.h
Examining src/network/internet_gaming_protocol.h
Examining src/network/network_system.h
Examining src/helper.h
Examining src/sound/fxset.cc
Examining src/sound/sound_handler.cc
Examining src/sound/sound_handler.h
Examining src/sound/songset.h
Examining src/sound/fxset.h
Examining src/sound/songset.cc
Examining src/profile/profile.h
Examining src/profile/profile.cc
Examining src/random/random.h
Examining src/random/random.cc
Examining src/build_info.h
Examining src/wlapplication.cc
Examining src/io/streamread.h
Examining src/io/filesystem/layered_filesystem.h
Examining src/io/filesystem/zip_exceptions.h
Examining src/io/filesystem/disk_filesystem.h
Examining src/io/filesystem/layered_filesystem.cc
Examining src/io/filesystem/filesystem.cc
Examining src/io/filesystem/filesystem.h
Examining src/io/filesystem/filesystem_exceptions.h
Examining src/io/filesystem/disk_filesystem.cc
Examining src/io/filesystem/test/filesystem_test_main.cc
Examining src/io/filesystem/test/test_filesystem.cc
Examining src/io/filesystem/zip_filesystem.cc
Examining src/io/filesystem/zip_filesystem.h
Examining src/io/filewrite.h
Examining src/io/streamwrite.cc
Examining src/io/streamwrite.h
Examining src/io/filewrite.cc
Examining src/io/fileread.cc
Examining src/io/machdep.h
Examining src/io/fileread.h
Examining src/io/dedicated_log.cc
Examining src/io/dedicated_log.h
Examining src/io/streamread.cc
Examining src/scripting/lua_ui.cc
Examining src/scripting/lua_map.cc
Examining src/scripting/lua_editor.h
Examining src/scripting/luna_impl.h
Examining src/scripting/factory.cc
Examining src/scripting/lua_bases.cc
Examining src/scripting/luna.h
Examining src/scripting/lua_bases.h
Examining src/scripting/lua_table.h
Examining src/scripting/lua_root.h
Examining src/scripting/lua_path.cc
Examining src/scripting/c_utils.h
Examining src/scripting/persistence.h
Examining src/scripting/lua_map.h
Examining src/scripting/eris.h
Examining src/scripting/lua_ui.h
Examining src/scripting/c_utils.cc
Examining src/scripting/lua_coroutine.h
Examining src/scripting/lua_errors.h
Examining src/scripting/lua_table.cc
Examining src/scripting/lua_game.h
Examining src/scripting/persistence.cc
Examining src/scripting/test/test_luna.cc
Examining src/scripting/test/scripting_test_main.cc
Examining src/scripting/lua_editor.cc
Examining src/scripting/lua_game.cc
Examining src/scripting/lua_globals.cc
Examining src/scripting/scripting.cc
Examining src/scripting/lua_root.cc
Examining src/scripting/lua_path.h
Examining src/scripting/scripting.h
Examining src/scripting/factory.h
Examining src/scripting/lua_globals.h
Examining src/scripting/lua_coroutine.cc
Examining src/scripting/luna_impl.cc
Examining src/helper.cc
Examining src/ui_fsmenu/loadreplay.h
Examining src/ui_fsmenu/base.cc
Examining src/ui_fsmenu/fileview.cc
Examining src/ui_fsmenu/singleplayer.cc
Examining src/ui_fsmenu/loadgame.cc
Examining src/ui_fsmenu/launch_spg.cc
Examining src/ui_fsmenu/singleplayer.h
Examining src/ui_fsmenu/loadgame.h
Examining src/ui_fsmenu/internet_lobby.h
Examining src/ui_fsmenu/main.cc
Examining src/ui_fsmenu/editor.cc
Examining src/ui_fsmenu/options.h
Examining src/ui_fsmenu/fileview.h
Examining src/ui_fsmenu/editor_mapselect.h
Examining src/ui_fsmenu/internet_lobby.cc
Examining src/ui_fsmenu/multiplayer.h
Examining src/ui_fsmenu/campaign_select.h
Examining src/ui_fsmenu/mapselect.cc
Examining src/ui_fsmenu/intro.h
Examining src/ui_fsmenu/main.h
Examining src/ui_fsmenu/mapselect.h
Examining src/ui_fsmenu/netsetup_lan.cc
Examining src/ui_fsmenu/loadreplay.cc
Examining src/ui_fsmenu/campaign_select.cc
Examining src/ui_fsmenu/netsetup_lan.h
Examining src/ui_fsmenu/options.cc
Examining src/ui_fsmenu/base.h
Examining src/ui_fsmenu/editor.h
Examining src/ui_fsmenu/launch_mpg.cc
Examining src/ui_fsmenu/intro.cc
Examining src/ui_fsmenu/launch_mpg.h
Examining src/ui_fsmenu/editor_mapselect.cc
Examining src/ui_fsmenu/launch_spg.h
Examining src/ui_fsmenu/multiplayer.cc
Examining src/logic/wareworker.h
Examining src/logic/soldiercontrol.h
Examining src/logic/expedition_bootstrap.h
Examining src/logic/single_player_game_settings_provider.cc
Examining src/logic/production_program.h
Examining src/logic/game.h
Examining src/logic/widelands_geometry_io.cc
Examining src/logic/worker.h
Examining src/logic/cmd_expire_message.h
Examining src/logic/map_revision.h
Examining src/logic/maphollowregion.h
Examining src/logic/player.cc
Examining src/logic/cmd_calculate_statistics.cc
Examining src/logic/carrier.cc
Examining src/logic/soldier.h
Examining src/logic/walkingdir.h
Examining src/logic/pathfield.h
Examining src/logic/immovable.h
Examining src/logic/cmd_calculate_statistics.h
Examining src/logic/ware_descr.cc
Examining src/logic/parse_map_object_types.h
Examining src/logic/mapfringeregion.h
Examining src/logic/game_settings.h
Examining src/logic/description_maintainer.h
Examining src/logic/tribe_basic_info.h
Examining src/logic/tribe.h
Examining src/logic/building.h
Examining src/logic/replay_game_controller.cc
Examining src/logic/warelist.h
Examining src/logic/player_area.h
Examining src/logic/tattribute.h
Examining src/logic/worker_descr.cc
Examining src/logic/mapfringeregion.cc
Examining src/logic/playercommand.h
Examining src/logic/warelist.cc
Examining src/logic/battle.cc
Examining src/logic/playersmanager.h
Examining src/logic/playercommand.cc
Examining src/logic/queue_cmd_ids.h
Examining src/logic/cmd_queue.h
Examining src/logic/path.cc
Examining src/logic/backtrace.h
Examining src/logic/partially_finished_building.cc
Examining src/logic/instances.h
Examining src/logic/editor_game_base.h
Examining src/logic/map.h
Examining src/logic/campaign_visibility.h
Examining src/logic/maphollowregion.cc
Examining src/logic/cmd_luascript.cc
Examining src/logic/message_id.h
Examining src/logic/message_queue.h
Examining src/logic/trainingsite.cc
Examining src/logic/objective.h
Examining src/logic/bob.h
Examining src/logic/cookie_priority_queue.h
Examining src/logic/replay.cc
Examining src/logic/queue_cmd_factory.cc
Examining src/logic/cmd_expire_message.cc
Examining src/logic/ship.h
Examining src/logic/carrier.h
Examining src/logic/campaign_visibility.cc
Examining src/logic/game_data_error.h
Examining src/logic/widelands_geometry_io.h
Examining src/logic/roadtype.h
Examining src/logic/worker_program.h
Examining src/logic/mapdifferenceregion.cc
Examining src/logic/save_handler.cc
Examining src/logic/editor_game_base.cc
Examining src/logic/tribe.cc
Examining src/logic/single_player_game_controller.h
Examining src/logic/bill_of_materials.h
Examining src/logic/nodecaps.h
Examining src/logic/checkstep.cc
Examining src/logic/pathfield.cc
Examining src/logic/militarysite.h
Examining src/logic/queue_cmd_factory.h
Examining src/logic/replay.h
Examining src/logic/mapastar.h
Examining src/logic/maptriangleregion.h
Examining src/logic/mapdifferenceregion.h
Examining src/logic/cmd_luacoroutine.cc
Examining src/logic/militarysite.cc
Examining src/logic/findimmovable.cc
Examining src/logic/map_revision.cc
Examining src/logic/checkstep.h
Examining src/logic/message.h
Examining src/logic/single_player_game_settings_provider.h
Examining src/logic/productionsite.cc
Examining src/logic/productionsite.h
Examining src/logic/partially_finished_building.h
Examining src/logic/trainingsite.h
Examining src/logic/widelands_geometry.cc
Examining src/logic/program_result.h
Examining src/logic/worker_program.cc
Examining src/logic/building.cc
Examining src/logic/field.cc
Examining src/logic/buildcost.cc
Examining src/logic/game_data_error.cc
Examining src/logic/cmd_queue.cc
Examining src/logic/critter.cc
Examining src/logic/player.h
Examining src/logic/constants.h
Examining src/logic/terrain_affinity.cc
Examining src/logic/warehouse.h
Examining src/logic/game_controller.h
Examining src/logic/findnode.cc
Examining src/logic/playersmanager.cc
Examining src/logic/widelands.h
Examining src/logic/production_program.cc
Examining src/logic/terrain_affinity.h
Examining src/logic/attackable.h
Examining src/logic/backtrace.cc
Examining src/logic/instances.cc
Examining src/logic/buildcost.h
Examining src/logic/immovable_program.h
Examining src/logic/single_player_game_controller.cc
Examining src/logic/mapregion.h
Examining src/logic/requirements.h
Examining src/logic/bob.cc
Examining src/logic/widelands_geometry.h
Examining src/logic/path.h
Examining src/logic/cmd_incorporate.cc
Examining src/logic/maptriangleregion.cc
Examining src/logic/walkingdir.cc
Examining src/logic/map.cc
Examining src/logic/soldier.cc
Examining src/logic/immovable.cc
Examining src/logic/cmd_luacoroutine.h
Examining src/logic/workarea_info.h
Examining src/logic/findimmovable.h
Examining src/logic/expedition_bootstrap.cc
Examining src/logic/save_handler.h
Examining src/logic/findbob.h
Examining src/logic/critter.h
Examining src/logic/cmd_incorporate.h
Examining src/logic/soldier_counts.h
Examining src/logic/constructionsite.h
Examining src/logic/dismantlesite.h
Examining src/logic/field.h
Examining src/logic/replay_game_controller.h
Examining src/logic/warehouse.cc
Examining src/logic/ship.cc
Examining src/logic/constructionsite.cc
Examining src/logic/worker.cc
Examining src/logic/cmd_luascript.h
Examining src/logic/world/editor_category.h
Examining src/logic/world/resource_description.cc
Examining src/logic/world/map_gen.h
Examining src/logic/world/map_gen.cc
Examining src/logic/world/terrain_description.cc
Examining src/logic/world/world.h
Examining src/logic/world/world.cc
Examining src/logic/world/resource_description.h
Examining src/logic/world/terrain_description.h
Examining src/logic/world/editor_category.cc
Examining src/logic/critter_program.h
Examining src/logic/findbob.cc
Examining src/logic/battle.h
Examining src/logic/game.cc
Examining src/logic/dismantlesite.cc
Examining src/logic/mapastar.cc
Examining src/logic/requirements.cc
Examining src/logic/ware_descr.h
Examining src/logic/map_info.cc
Examining src/logic/findnode.h
Examining src/logic/worker_descr.h
Examining src/wlapplication.h
Examining src/notifications/notifications.cc
Examining src/notifications/notifications_impl.h
Examining src/notifications/note_ids.h
Examining src/notifications/test/notifications_test.cc
Examining src/notifications/notifications.h
Examining src/ui_basic/spinbox.cc
Examining src/ui_basic/multilineeditbox.h
Examining src/ui_basic/helpwindow.cc
Examining src/ui_basic/slider.h
Examining src/ui_basic/listselect.h
Examining src/ui_basic/unique_window.h
Examining src/ui_basic/editbox.h
Examining src/ui_basic/icongrid.cc
Examining src/ui_basic/progresswindow.cc
Examining src/ui_basic/tabpanel.cc
Examining src/ui_basic/editbox.cc
Examining src/ui_basic/mouse_constants.h
Examining src/ui_basic/icongrid.h
Examining src/ui_basic/multilinetextarea.cc
Examining src/ui_basic/button.h
Examining src/ui_basic/radiobutton.h
Examining src/ui_basic/textarea.h
Examining src/ui_basic/panel.h
Examining src/ui_basic/checkbox.h
Examining src/ui_basic/multilinetextarea.h
Examining src/ui_basic/window.cc
Examining src/ui_basic/radiobutton.cc
Examining src/ui_basic/button.cc
Examining src/ui_basic/table.cc
Examining src/ui_basic/icon.cc
Examining src/ui_basic/messagebox.cc
Examining src/ui_basic/listselect.cc
Examining src/ui_basic/spinbox.h
Examining src/ui_basic/tabpanel.h
Examining src/ui_basic/box.h
Examining src/ui_basic/icon.h
Examining src/ui_basic/multilineeditbox.cc
Examining src/ui_basic/is_printable.h
Examining src/ui_basic/scrollbar.cc
Examining src/ui_basic/panel.cc
Examining src/ui_basic/slider.cc
Examining src/ui_basic/textarea.cc
Examining src/ui_basic/scrollbar.h
Examining src/ui_basic/window.h
Examining src/ui_basic/table.h
Examining src/ui_basic/is_printable.cc
Examining src/ui_basic/progressbar.h
Examining src/ui_basic/unique_window.cc
Examining src/ui_basic/progresswindow.h
Examining src/ui_basic/helpwindow.h
Examining src/ui_basic/messagebox.h
Examining src/ui_basic/box.cc
Examining src/ui_basic/checkbox.cc
Examining src/ui_basic/progressbar.cc
Examining src/ai/ai_help_structs.h
Examining src/ai/defaultai.h
Examining src/ai/ai_hints.h
Examining src/ai/ai_hints.cc
Examining src/ai/computer_player.cc
Examining src/ai/defaultai.cc
Examining src/ai/computer_player.h
Examining src/ai/ai_help_structs.cc
src/wlapplication.cc:844:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files
  or change the link content, a race condition results.  Also, it does not
  terminate with ASCII NUL. Reconsider approach. 
	size_t size = readlink("/proc/self/exe", buffer, PATH_MAX);
src/base/exceptions.cc:38:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		vsnprintf(buffer, sizeof(buffer), fmt, va);
src/base/exceptions.cc:61:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		vsnprintf(buffer, sizeof(buffer), em, va);
src/base/log.cc:36:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	vsnprintf(buffer, sizeof(buffer), fmt, va);
src/economy/transfer.cc:290:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	vsnprintf(buffer, sizeof(buffer), fmt, va);
src/editor/tools/editor_set_starting_pos_tool.cc:62:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
	strcpy(fsel_picsname, FSEL_PIC_FILENAME);
src/graphic/animation.cc:416:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
			snprintf(pictempl, sizeof(pictempl), dirpictempl, dirstrings[dir]);
src/io/dedicated_log.cc:38:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	vsnprintf(buffer, sizeof(buffer), fmt, va);
src/io/streamread.cc:35:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		vsnprintf(buffer, sizeof(buffer), fmt, va);
src/io/streamwrite.cc:41:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	int32_t i = vsnprintf(buffer, sizeof(buffer), fmt, va);
src/io/streamwrite.cc:60:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
			i = vsnprintf(heapbuf, i + 1, fmt, va);
src/logic/game_data_error.cc:33:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		vsnprintf(buffer, sizeof(buffer), fmt, va);
src/logic/instances.cc:474:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	vsnprintf(buffer, sizeof(buffer), fmt, va);
src/logic/trainingsite.cc:659:  [4] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. 
	sprintf(buf, "%s%d", upgrade.prefix.c_str(), level);
src/map_io/widelands_map_players_messages_data_packet.cc:47:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
			snprintf(filename, sizeof(filename), FILENAME_TEMPLATE, p);
src/map_io/widelands_map_players_messages_data_packet.cc:246:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		snprintf(filename, sizeof(filename), PLAYERDIRNAME_TEMPLATE, p);
src/map_io/widelands_map_players_messages_data_packet.cc:248:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		snprintf(filename, sizeof(filename),      FILENAME_TEMPLATE, p);
src/map_io/widelands_map_players_view_data_packet.cc:114:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	snprintf(filename, sizeof(filename), filename_template, plnum, version);                        \
src/map_io/widelands_map_players_view_data_packet.cc:134:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		snprintf(filename, sizeof(filename), filename_template, plnum, fileversion);                 \
src/map_io/widelands_map_players_view_data_packet.cc:155:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		snprintf(filename, sizeof(filename), file_templ, plnum, fileversion);                        \
src/map_io/widelands_map_players_view_data_packet.cc:408:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		snprintf
src/map_io/widelands_map_players_view_data_packet.cc:509:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
			snprintf
src/map_io/widelands_map_players_view_data_packet.cc:1040:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
   snprintf(filename, sizeof(filename), filename_template, plnum, version);   \
src/map_io/widelands_map_players_view_data_packet.cc:1179:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
			snprintf(filename, sizeof(filename), PLAYERDIRNAME_TEMPLATE, plnum);
src/map_io/widelands_map_players_view_data_packet.cc:1181:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
			snprintf(filename, sizeof(filename),       DIRNAME_TEMPLATE, plnum);
src/network/nethost.cc:2269:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
						snprintf(buf, sizeof(buf), ngettext("%li second", "%li seconds", deltanow), deltanow);
src/network/network.cc:223:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		vsnprintf(buffer, sizeof(buffer), fmt, va);
src/profile/profile.cc:567:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	vsnprintf(buffer, sizeof(buffer), fmt, va);
src/scripting/c_utils.cc:107:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	vsnprintf(buffer, sizeof(buffer), fmt, va);
src/third_party/eris/liolib.c:58:  [4] (shell) popen:
  This causes a new program to execute and is difficult to use safely.
  try using a library call that implements the same functionality if
  available. 
#define lua_popen(L,c,m)	((void)L, fflush(NULL), popen(c,m))
src/third_party/eris/liolib.c:352:  [4] (buffer) fscanf:
  The scanf() family's %s operation, without a limit specification,
  permits buffer overflows. Specify a limit to %s, or use a different input
  function. If the scanf format is influenceable by an attacker, it's
  exploitable.
  if (fscanf(f, LUA_NUMBER_SCAN, &d) == 1) {
src/third_party/eris/liolib.c:521:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be
  exploited. Use a constant for the format specification. 
          fprintf(f, LUA_NUMBER_FMT, lua_tonumber(L, arg)) > 0;
src/third_party/eris/loslib.c:82:  [4] (shell) system:
  This causes a new program to execute and is difficult to use safely.
  try using a library call that implements the same functionality if
  available. 
  int stat = system(cmd);
src/third_party/eris/lstrlib.c:886:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
  strcpy(form + l - 1, lenmod);
src/third_party/eris/lstrlib.c:914:  [4] (format) sprintf:
  Potential format string problem. Make format string constant. 
          nb = sprintf(buff, form, luaL_checkint(L, arg));
src/third_party/eris/lstrlib.c:924:  [4] (format) sprintf:
  Potential format string problem. Make format string constant. 
          nb = sprintf(buff, form, ni);
src/third_party/eris/lstrlib.c:934:  [4] (format) sprintf:
  Potential format string problem. Make format string constant. 
          nb = sprintf(buff, form, ni);
src/third_party/eris/lstrlib.c:943:  [4] (format) sprintf:
  Potential format string problem. Make format string constant. 
          nb = sprintf(buff, form, (LUA_FLTFRM_T)luaL_checknumber(L, arg));
src/third_party/eris/lstrlib.c:960:  [4] (format) sprintf:
  Potential format string problem. Make format string constant. 
            nb = sprintf(buff, form, s);
src/third_party/eris/luaconf.h:223:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be
  exploited. Use a constant for the format specification. 
	(fprintf(stderr, (s), (p)), fflush(stderr))
src/third_party/eris/luaconf.h:404:  [4] (format) sprintf:
  Potential format string problem. Make format string constant. 
#define lua_number2str(s,n)	sprintf((s), LUA_NUMBER_FMT, (n))
src/ui_basic/progresswindow.cc:147:  [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
	vsnprintf(buffer, sizeof(buffer), format, va);
src/ui_fsmenu/loadgame.cc:244:  [4] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. 
		sprintf(buf, "%s", _("Unknown"));
src/ui_fsmenu/loadreplay.cc:202:  [4] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. 
			sprintf(buf, "%s", _("Unknown"));
src/wlapplication.cc:564:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
						snprintf(buffer, sizeof(buffer), SCREENSHOT_DIR "/shot%04u.png", nr);
src/wlapplication.cc:933:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). 
		strcpy(videodrvused + 16, videomode[i].c_str());
src/wui/game_main_menu_save_game.cc:175:  [4] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. 
		sprintf
src/wui/interactive_base.cc:311:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be
  exploited, and note that sprintf variations do not always \0-terminate. Use a
  constant for the format specification. 
		snprintf(buffer, sizeof(buffer), ("%u.%ux"), speed / 1000, speed / 100 % 10);
src/base/i18n.cc:138:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
	lang = getenv("LANG");
src/base/i18n.cc:143:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
		lang = getenv("LANGUAGE");
src/io/filesystem/filesystem.cc:163:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
   homedir = getenv(name);                                                    \
src/io/filesystem/filesystem.cc:175:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
	if (char const * const h = getenv("HOME"))
src/third_party/eris/lmathlib.c:227:  [3] (random) srand:
  This function is not sufficiently random for security-related
  functions such as key and nonce creation. use a more secure technique for
  acquiring random values. 
  srand(luaL_checkunsigned(L, 1));
src/third_party/eris/loadlib.c:639:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
  const char *path = getenv(envname1);
src/third_party/eris/loadlib.c:641:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
    path = getenv(envname2);  /* try alternative name */
src/third_party/eris/loslib.c:57:  [3] (tmpfile) tmpnam:
  Temporary file race condition. 
#define lua_tmpnam(b,e)		{ e = (tmpnam(b) == NULL); }
src/third_party/eris/loslib.c:117:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
  lua_pushstring(L, getenv(luaL_checkstring(L, 1)));  /* if NULL push nil */
src/wlapplication.cc:315:  [3] (random) srand:
  This function is not sufficiently random for security-related
  functions such as key and nonce creation. use a more secure technique for
  acquiring random values. 
	std::srand(time(nullptr));
src/wlapplication.cc:923:  [3] (buffer) getenv:
  Environment variables are untrustable input if they can be set by an
  attacker.  They can have any content and length, and the same variable
  can be set more than once. Check environment variables carefully before
  using them. 
		videodrv = getenv("SDL_VIDEODRIVER");
src/base/md5.cc:75:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy (&ctx->buffer[bytes], fillbuf, pad);
src/base/md5.cc:107:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
		memcpy (&ctx->buffer[left_over], buffer, add);
src/base/md5.cc:114:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
			memcpy
src/base/md5.cc:135:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
		memcpy (ctx->buffer, buffer, len);
src/editor/ui_menus/editor_main_menu_load_map.cc:173:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%i", map.get_nrplayers());
src/editor/ui_menus/editor_main_menu_load_map.cc:176:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%ix%i", map.get_width(), map.get_height());
src/editor/ui_menus/editor_main_menu_map_options.cc:117:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%ix%i", map.get_width(), map.get_height());
src/editor/ui_menus/editor_main_menu_map_options.cc:121:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%i", map.get_nrplayers());
src/editor/ui_menus/editor_main_menu_save_map.cc:234:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%i", map.get_nrplayers());
src/editor/ui_menus/editor_main_menu_save_map.cc:237:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%ix%i", map.get_width(), map.get_height());
src/editor/ui_menus/editor_tool_change_height_options_menu.cc:194:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%i", m_increase_tool.get_change_by());
src/editor/ui_menus/editor_tool_change_height_options_menu.cc:196:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%i", m_increase_tool.set_tool().get_interval().min);
src/editor/ui_menus/editor_tool_change_resources_options_menu.cc:230:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%i", m_increase_tool.get_change_by());
src/editor/ui_menus/editor_tool_change_resources_options_menu.cc:232:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%i", m_increase_tool.set_tool().get_set_to());
src/graphic/colormap.cc:32:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy(palette, &pal, sizeof(palette));
src/graphic/graphic.cc:215:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
		m_caps.gl.major_version = atoi(str);
src/graphic/graphic.cc:216:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
		m_caps.gl.minor_version = strstr(str, ".")?atoi(strstr(str, ".") + 1):0;
src/graphic/image_transformations.cc:69:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
		memcpy(dstpix, srcpix, rowsize);
src/graphic/text/test/render_richtext.cc:55:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
	f.open(fn.c_str());
src/graphic/text_parser.cc:267:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
				element.set_font_size(atoi(val.c_str()));
src/graphic/text_parser.cc:271:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
				element.set_line_spacing(atoi(val.c_str()));
src/graphic/texture.cc:131:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
			memcpy
src/io/filesystem/disk_filesystem.cc:92:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
	FILE * const f = fopen(fullname.c_str(), "a");
src/io/filesystem/disk_filesystem.cc:355:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
		file = fopen(fullname.c_str(), "rb");
src/io/filesystem/disk_filesystem.cc:411:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
	FILE * const f = fopen(fullname.c_str(), append ? "a" : "wb");
src/io/filesystem/disk_filesystem.cc:444:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
		: m_file(fopen(fname.c_str(), "rb"))
src/io/filesystem/disk_filesystem.cc:489:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
		m_file = fopen(fname.c_str(), "wb");
src/io/filewrite.cc:76:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy(data_ + i, src, size);
src/io/machdep.h:86:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy(&r, ptr, sizeof(r));
src/io/machdep.h:92:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy(&r, ptr, sizeof(r));
src/io/machdep.h:98:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy(&r, ptr, sizeof(r));
src/logic/campaign_visibility.cc:105:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(csection, "campsect%i", i);
src/logic/campaign_visibility.cc:109:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
			sprintf(cvisible, "campvisi%i", i);
src/logic/campaign_visibility.cc:110:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
			sprintf(cnewvisi, "cnewvisi%i", i);
src/logic/campaign_visibility.cc:120:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
			sprintf(csection, "campsect%i", i);
src/logic/campaign_visibility.cc:128:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(csection, "campsect%i", i);
src/logic/campaign_visibility.cc:133:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(number, "%02i", imap);
src/logic/campaign_visibility.cc:148:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
			sprintf(number, "%02i", imap);
src/logic/campaign_visibility.cc:153:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(csection, "campsect%i", i);
src/logic/immovable.cc:897:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
				long int const value = atoi(params[i].c_str());
src/logic/immovable.cc:1147:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
		m_buildtime = atoi(params[1].c_str());
src/logic/immovable.cc:1148:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
		m_decaytime = atoi(params[2].c_str());
src/logic/worker_program.cc:634:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
	act->iparam1 = atoi(cmd[1].c_str());
src/logic/worker_program.cc:635:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
	act->iparam2 = atoi(cmd[2].c_str());
src/logic/worker_program.cc:656:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
		atoi(cmd[2].c_str());
src/main.cc:88:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
			open("/dev/null", O_RDWR);
src/map_io/coords_profile.cc:58:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buffer, "%i %i", value.x, value.y);
src/map_io/s2map.cc:175:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy(buffer, fr.Data(6), 6);
src/map_io/s2map.cc:209:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
		memcpy(section.get() + y * width, ptr, width);
src/map_io/s2map.cc:386:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
	memcpy(&header, fr.Data(sizeof(header)), sizeof(header));
src/network/netclient.cc:821:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
		memcpy(fp.part, &buf[0], size);
src/network/nethost.cc:1549:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
			memcpy(fp.part, fr.Data(readout), readout);
src/network/network_lan_promotion.cc:167:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk
  is low because the source is a constant string.
	strcpy (gameinfo.magic, "GAME");
src/profile/profile.cc:494:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buffer, "%i", value);
src/third_party/eris/eris.c:504:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(&rep, &value, sizeof(float));
src/third_party/eris/eris.c:511:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(&rep, &value, sizeof(double));
src/third_party/eris/eris.c:634:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(&value, &rep, sizeof(float));
src/third_party/eris/eris.c:642:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(&value, &rep, sizeof(double));
src/third_party/eris/eris.c:2247:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
      memcpy(newbuff, eris_buffer(buff), eris_bufflen(buff));
src/third_party/eris/eris.c:2253:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(&eris_buffer(buff)[eris_bufflen(buff)], value, sz);
src/third_party/eris/lauxlib.c:449:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
    memcpy(newbuff, B->b, B->n * sizeof(char));
src/third_party/eris/lauxlib.c:461:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(b, s, l * sizeof(char));
src/third_party/eris/lauxlib.c:642:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
    lf.f = fopen(filename, "r");
src/third_party/eris/liolib.c:220:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
  p->f = fopen(fname, mode);
src/third_party/eris/liolib.c:232:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
  p->f = fopen(filename, mode);
src/third_party/eris/liolib.c:258:  [2] (tmpfile) tmpfile:
  Function tmpfile() has a security flaw on some systems (e.g., older
  System V systems). 
  p->f = tmpfile();
src/third_party/eris/loadlib.c:331:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
  FILE *f = fopen(filename, "r");  /* try to open file */
src/third_party/eris/lobject.c:209:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
        int l = sprintf(buff, "%p", va_arg(argp, void *));
src/third_party/eris/lobject.c:250:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
#define addstr(a,b,l)	( memcpy(a,b,(l) * sizeof(char)), a += (l) )
src/third_party/eris/lobject.c:256:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
      memcpy(out, source + 1, l * sizeof(char));
src/third_party/eris/lobject.c:264:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
      memcpy(out, source + 1, l * sizeof(char));
src/third_party/eris/lobject.c:268:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
      memcpy(out, source + 1 + l - bufflen, bufflen * sizeof(char));
src/third_party/eris/lobject.c:284:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
    memcpy(out, POS, (LL(POS) + 1) * sizeof(char));
src/third_party/eris/loslib.c:49:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk
  is low because the source is a constant string.
        strcpy(b, "/tmp/lua_XXXXXX"); \
src/third_party/eris/loslib.c:50:  [2] (tmpfile) mkstemp:
  Potential for temporary file vulnerability in some circumstances. 
  Some older Unix-like systems create temp files with permission to write by
  all by default, so be sure to set the umask to override this. Also,
  some older Unix systems might fail to use O_EXCL when opening the file, so
  make sure that O_EXCL is used by the library. 
        e = mkstemp(b); \
src/third_party/eris/lstate.c:87:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
    memcpy(buff + p, &t, sizeof(t)); p += sizeof(t); }
src/third_party/eris/lstring.c:107:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(ts+1, str, l*sizeof(char));
src/third_party/eris/lstrlib.c:121:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
      memcpy(p, s, l * sizeof(char)); p += l;
src/third_party/eris/lstrlib.c:123:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
        memcpy(p, sep, lsep * sizeof(char)); p += lsep;
src/third_party/eris/lstrlib.c:126:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
    memcpy(p, s, l * sizeof(char));  /* last copy (not followed by separator) */
src/third_party/eris/lstrlib.c:845:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
        sprintf(buff, "\\%d", (int)uchar(*s));
src/third_party/eris/lstrlib.c:847:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
        sprintf(buff, "\\%03d", (int)uchar(*s));
src/third_party/eris/lstrlib.c:872:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
  memcpy(form, strfrmt, (p - strfrmt + 1) * sizeof(char));
src/third_party/eris/lundump.c:195:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
 memcpy(s,h,sizeof(char));			/* first char already read */
src/third_party/eris/lundump.c:247:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
 memcpy(h,LUA_SIGNATURE,sizeof(LUA_SIGNATURE)-sizeof(char));
src/third_party/eris/lundump.c:257:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
 memcpy(h,LUAC_TAIL,sizeof(LUAC_TAIL)-sizeof(char));
src/third_party/eris/lvm.c:324:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
        memcpy(buffer+tl, svalue(top-i), l * sizeof(char));
src/third_party/eris/lzio.c:58:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination. Make
  sure destination can always hold the source data. 
    memcpy(b, z->p, m);
src/third_party/minizip/unzip.cc:2561:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move
  things around to create a race condition, control its ancestors, or change
  its contents?. 
		file = fopen(filename, mode_fopen);
src/ui_fsmenu/campaign_select.cc:158:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(cname,        "campname%u", i);
src/ui_fsmenu/campaign_select.cc:159:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(cdifficulty,  "campdiff%u", i);
src/ui_fsmenu/campaign_select.cc:160:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(cdescription, "campdesc%u", i);
src/ui_fsmenu/campaign_select.cc:161:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(cdif_descr, "campdiffdescr%u", i);
src/ui_fsmenu/campaign_select.cc:210:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(csection, "campsect%u", i);
src/ui_fsmenu/campaign_select.cc:213:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(cname,       "campname%u", i);
src/ui_fsmenu/campaign_select.cc:214:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(cdifficulty, "campdiff%u", i);
src/ui_fsmenu/campaign_select.cc:238:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(csection, "campsect%u", i);
src/ui_fsmenu/campaign_select.cc:393:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(cname, "campname%u", campaign);
src/ui_fsmenu/campaign_select.cc:398:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(csection, "campsect%u", campaign);
src/ui_fsmenu/campaign_select.cc:406:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(number, "%02u", i);
src/ui_fsmenu/campaign_select.cc:422:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(number, "%02u", i);
src/ui_fsmenu/editor_mapselect.cc:179:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%i", map.get_nrplayers());
src/ui_fsmenu/editor_mapselect.cc:182:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%ix%i", map.get_width(), map.get_height());
src/ui_fsmenu/launch_spg.cc:162:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(posIco, "pics/fsel_editor_set_player_0%i_pos.png", i + 1);
src/ui_fsmenu/loadgame.cc:242:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%i", gpdp.get_number_of_players());
src/ui_fsmenu/loadreplay.cc:200:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
			sprintf(buf, "%i", gpdp.get_number_of_players());
src/ui_fsmenu/mapselect.cc:259:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%-4ux%4u", map.width, map.height);
src/ui_fsmenu/mapselect.cc:261:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%i", map.nrplayers);
src/ui_fsmenu/mapselect.cc:416:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
					sprintf(buf, "(%i)", mapdata.nrplayers);
src/ui_fsmenu/mapselect.cc:472:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
				sprintf(buf, "(%i)", mapdata.nrplayers);
src/ui_fsmenu/mapselect.cc:498:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
				sprintf(buf, "(%i)", mapdata.nrplayers);
src/ui_fsmenu/options.cc:321:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, _("%1$i x %2$i"), m_resolutions[i].xres, m_resolutions[i].yres);
src/ui_fsmenu/options.cc:331:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
		sprintf(buf, "%1$i x %2$i", opt.xres, opt.yres);
src/wlapplication.cc:930:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination.
  Consider using strncpy or strlcpy (warning, strncpy is easily misused). Risk
  is low because the source is a constant string.
	strcpy(videodrvused, "SDL_VIDEODRIVER=\0");
src/wlapplication.cc:1763:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
			tfile.tm_mday = atoi(timestr.substr(8, 2).c_str());
src/wlapplication.cc:1764:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
			tfile.tm_mon = atoi(timestr.substr(5, 2).c_str()) - 1;
src/wlapplication.cc:1765:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
			tfile.tm_year = atoi(timestr.substr(0, 4).c_str()) - 1900;
src/wui/attack_box.cc:132:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%u / %u", m_slider_soldiers->get_value(), max_attackers);
src/wui/attack_box.cc:135:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%u", max_attackers);
src/wui/attack_box.cc:161:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%u / %u", max_attackers > 0 ? 1 : 0, max_attackers);
src/wui/attack_box.cc:176:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buf, "%u", max_attackers);
src/wui/encyclopedia_window.cc:195:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
					sprintf(amount_string, "%u", temp_group.second);
src/wui/interactive_base.cc:988:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
	uint32_t serial = atoi(args[1].c_str());
src/wui/interactive_player.cc:457:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range. 
  If source untrusted, check both minimum and maximum, even if the input
  had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended). 
	int const n = atoi(args[1].c_str());
src/wui/soldiercapacitycontrol.cc:93:  [2] (buffer) sprintf:
  Does not check for buffer overflows. Use snprintf or vsnprintf. Risk
  is low because the source has a constant maximum length.
	sprintf(buffer, "%2u", capacity);
src/base/md5.cc:41:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), "%02x", data[i]);
src/economy/transfer.cc:317:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
void Transfer::read(FileRead & fr, Transfer::ReadData & rd)
src/economy/transfer.h:72:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	void read(FileRead & fr, ReadData & rd);
src/economy/ware_instance.cc:565:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
		ware.m_transfer->read(fr, m_transfer);
src/editor/tools/editor_info_tool.cc:83:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf1, sizeof(buf1), _("Owned by: %u"), f.get_owned_by());
src/editor/ui_menus/editor_main_menu_new_map.cc:62:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_new_map.cc:82:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_new_map.cc:132:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_new_map.cc:136:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:91:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:124:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:133:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:175:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), _("Water: %u %%"), m_waterval);
src/editor/ui_menus/editor_main_menu_random_map.cc:200:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:226:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:236:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:325:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), _("Players: %u"), m_pn);
src/editor/ui_menus/editor_main_menu_random_map.cc:425:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:429:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:434:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:437:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:440:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:443:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_main_menu_random_map.cc:447:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), _("Players: %u"), m_pn);
src/editor/ui_menus/editor_main_menu_save_map.cc:360:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	if (filename.size() >= strlen(WLMF_SUFFIX)) {
src/editor/ui_menus/editor_main_menu_save_map.cc:363:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
			(buffer, sizeof(WLMF_SUFFIX), filename.size() - strlen(WLMF_SUFFIX));
src/editor/ui_menus/editor_main_menu_save_map.cc:364:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
		if (!strncasecmp(buffer, WLMF_SUFFIX, strlen(WLMF_SUFFIX)))
src/editor/ui_menus/editor_tool_noise_height_options_menu.cc:146:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), _("Minimum: %u"), height_interval.min);
src/editor/ui_menus/editor_tool_noise_height_options_menu.cc:148:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), _("Maximum: %u"), height_interval.max);
src/editor/ui_menus/editor_tool_noise_height_options_menu.cc:151:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/editor/ui_menus/editor_toolsize_menu.cc:75:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), _("Current Size: %u"), val + 1);
src/game_io/game_preload_data_packet.cc:53:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
		prof.read("preload", nullptr, fs);
src/graphic/animation.cc:399:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/graphic/animation.cc:407:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. Risk is low because the source is a constant string.
		strncpy(repl, "%s", 2);
src/graphic/animation.cc:421:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(animname, sizeof(animname), "%s_%s", name.c_str(), dirstrings[dir]);
src/graphic/animation.cc:430:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(animname, sizeof(animname), "%s_%s", name.c_str(), dirstrings[dir]);
src/io/filesystem/zip_filesystem.cc:174:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	return filename_inzip[strlen(filename_inzip) - 1] == '/';
src/io/filesystem/zip_filesystem.cc:331:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(buf, sizeof(buf), "read error %i", len);
src/io/streamwrite.h:85:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	void CString(char        const * const x) {Data(x,         strlen(x) + 1);}
src/io/streamwrite.h:89:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	void Text   (char        const * const x) {Data(x,         strlen(x));}
src/logic/building.cc:896:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
		(strlen("<rt image=") + img.size() + 1 +
src/logic/building.cc:897:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
		 strlen("<p font-size=14 font-face=DejaVuSerif></p>") +
src/logic/building.cc:899:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
		 strlen("</rt>"));
src/logic/critter.cc:52:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "%i", idx);
src/logic/critter.cc:158:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(defaultpics, sizeof(defaultpics), "%s_walk_!!_??.png", _name);
src/logic/game.cc:587:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command
  by the same name).   The interaction of this function with SIGALRM and
  other timer functions such as sleep(), alarm(), setitimer(), and
  nanosleep() is unspecified. Use nanosleep(2) or setitimer(2) instead. 
			if (usleep(100) == -1)
src/logic/immovable.cc:147:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
			std::unique_ptr<char []> arguments(new char[strlen(v->get_string()) + 1]);
src/logic/immovable.cc:148:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. 
			strncpy(arguments.get(), v->get_string(), strlen(v->get_string()) + 1);
src/logic/immovable.cc:148:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
			strncpy(arguments.get(), v->get_string(), strlen(v->get_string()) + 1);
src/logic/immovable.cc:191:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. 
		strncpy(arguments.get(), parts[1].c_str(), parts[1].size() + 1);
src/logic/map.cc:548:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(m_filename, sizeof(m_filename), "%s", string);
src/logic/map.cc:553:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(m_author, sizeof(m_author), "%s", string);
src/logic/map.cc:558:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(m_name, sizeof(m_name), "%s", string);
src/logic/map.cc:563:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(m_description, sizeof(m_description), "%s", string);
src/logic/parse_map_object_types.h:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
            path.resize(path.size() - strlen("conf"));                        \
src/logic/requirements.cc:47:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
			*this = RequirementsStorage::read(fr, egbase, mol);
src/logic/requirements.cc:88:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
Requirements RequirementsStorage::read
src/logic/requirements.h:122:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	static Requirements read
src/logic/save_handler.cc:137:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	if (filename.size() >= strlen(WLGF_SUFFIX)) {
src/logic/save_handler.cc:140:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
			(buffer, sizeof(WLGF_SUFFIX), filename.size() - strlen(WLGF_SUFFIX));
src/logic/save_handler.cc:141:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
		if (!strncasecmp(buffer, WLGF_SUFFIX, strlen(WLGF_SUFFIX)))
src/logic/single_player_game_settings_provider.cc:86:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), "%s %u", _("Player"), oldplayers + 1);
src/logic/soldier.cc:136:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "hp_level_%u_pic",      i);
src/logic/soldier.cc:141:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "attack_level_%u_pic",  i);
src/logic/soldier.cc:146:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "defense_level_%u_pic", i);
src/logic/soldier.cc:151:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "evade_level_%i_pic",   i);
src/logic/soldier.cc:1550:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
					snprintf
src/logic/tribe.cc:408:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "resi_%s%i", res->name().c_str(), i);
src/logic/tribe.cc:435:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/logic/warehouse.cc:455:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/logic/worker.cc:937:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(message,
src/logic/worker.cc:1840:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/logic/worker.cc:2961:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
			worker.m_transfer->read(fr, m_transfer);
src/logic/worker_program.cc:70:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(buf, sizeof(buf), "%i", idx);
src/map_io/widelands_map_allowed_building_types_data_packet.cc:44:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
		prof.read("allowed_building_types", nullptr, fs);
src/map_io/widelands_map_allowed_building_types_data_packet.cc:47:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
			prof.read("allowed_buildings", nullptr, fs);
src/map_io/widelands_map_allowed_building_types_data_packet.cc:72:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_allowed_building_types_data_packet.cc:111:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_allowed_worker_types_data_packet.cc:47:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
		prof.read("allowed_worker_types", nullptr, fs);
src/map_io/widelands_map_allowed_worker_types_data_packet.cc:59:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_allowed_worker_types_data_packet.cc:96:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_elemental_data_packet.cc:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	prof.read("elemental", nullptr, fs);
src/map_io/widelands_map_extradata_data_packet.cc:43:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	try {prof.read("extra_data", nullptr, fs);} catch (...) {return;}
src/map_io/widelands_map_objective_data_packet.cc:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	try {prof.read("objective", nullptr, fs);} catch (...) {return;}
src/map_io/widelands_map_player_names_and_tribes_data_packet.cc:60:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	prof.read("player_names", nullptr, fs);
src/map_io/widelands_map_player_names_and_tribes_data_packet.cc:69:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_player_names_and_tribes_data_packet.cc:97:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_player_position_data_packet.cc:37:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	prof.read("player_position", nullptr, fs);
src/map_io/widelands_map_player_position_data_packet.cc:52:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
					snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_player_position_data_packet.cc:80:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "player_%u", p);
src/map_io/widelands_map_players_messages_data_packet.cc:49:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
			try {prof.read(filename, nullptr, fs);} catch (...) {continue;}
src/map_io/widelands_map_port_spaces_data_packet.cc:40:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	prof.read("port_spaces", nullptr, fs);
src/map_io/widelands_map_port_spaces_data_packet.cc:56:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf(buf, sizeof(buf), "%u", i);
src/map_io/widelands_map_port_spaces_data_packet.cc:104:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), "%u", i++);
src/map_io/widelands_map_version_data_packet.cc:45:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	try {prof.read("version", nullptr, fs);} catch (...)
src/network/internet_gaming.cc:269:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
			if (!m_deserializer.read(m_sock)) {
src/network/netclient.cc:301:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buf, sizeof(buf), "network player %i", d->settings.playernum);
src/network/netclient.cc:1047:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
			if (!d->deserializer.read(d->sock)) {
src/network/nethost.cc:773:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command
  by the same name).   The interaction of this function with SIGALRM and
  other timer functions such as sleep(), alarm(), setitimer(), and
  nanosleep() is unspecified. Use nanosleep(2) or setitimer(2) instead. 
				if (usleep(100000)) // Sleep for 0.1 seconds - there is not anybody connected anyways.
src/network/nethost.cc:780:  [1] (obsolete) usleep:
  This C routine is considered obsolete (as opposed to the shell command
  by the same name).   The interaction of this function with SIGALRM and
  other timer functions such as sleep(), alarm(), setitimer(), and
  nanosleep() is unspecified. Use nanosleep(2) or setitimer(2) instead. 
				if (usleep(200) == -1)
src/network/nethost.cc:1358:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
				prof.read("map/elemental", nullptr, *sg_fs);
src/network/nethost.cc:1422:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/network/nethost.cc:2006:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), _("Computer %u"), ++suffix);
src/network/nethost.cc:2079:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(buf, sizeof(buf), "%u", i++);
src/network/nethost.cc:2274:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
							snprintf(buf, sizeof(buf), "%li", 300 - deltanow);
src/network/nethost.cc:2526:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
					if (!client.deserializer.read(client.sock)) {
src/network/nethost.cc:2651:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
						prof.read("map/elemental", nullptr, *sg_fs);
src/network/network.cc:189:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
bool Deserializer::read(TCPsocket sock)
src/network/network.h:143:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	bool read(TCPsocket sock);
src/network/network_lan_promotion.cc:51:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. 
		strncpy (ifr.ifr_name, ifnames[i].if_name, IFNAMSIZ);
src/network/network_lan_promotion.cc:172:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. 
	strncpy
src/network/network_lan_promotion.cc:212:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. 
	strncpy (gameinfo.map, map, sizeof(gameinfo.map));
src/network/network_lan_promotion.cc:233:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for
  invalid pointers. Risk is low because the source is a constant string.
	strncpy (magic, "QUERY", 8);
src/profile/profile.cc:539:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	read(filename, global_section);
src/profile/profile.cc:550:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	read(filename, global_section);
src/profile/profile.cc:710:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
void Profile::read
src/profile/profile.cc:762:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
						(char * eot = line + strlen(line) - 1;
src/profile/profile.cc:798:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
					char * const eot = tail + strlen(tail) - 1;
src/profile/profile.cc:802:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
							char * const eot2 = tail + strlen(tail) - 1;
src/profile/profile.cc:872:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
				uint32_t spaces = strlen(temp_value.get_name());
src/profile/profile.cc:875:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
				for (uint32_t i = 0; i < strlen(str); ++i) {
src/profile/profile.h:212:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	void read
src/scripting/lua_bases.cc:319:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf
src/scripting/lua_coroutine.cc:146:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
void LuaCoroutine::read(lua_State* parent, FileRead& fr) {
src/scripting/lua_coroutine.h:75:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	void read(lua_State*, FileRead&);
src/scripting/lua_map.cc:3526:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buf, sizeof(buf), "%i_%i", m_c.x, m_c.y);
src/scripting/lua_map.cc:3856:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buf, sizeof(buf), "Field(%i,%i)", m_c.x, m_c.y);
src/scripting/luna.h:95:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	if (strlen(sub_namespace) != 0) {
src/scripting/scripting.cc:329:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	rv->read(m_L, fr);
src/scripting/test/test_luna.cc:216:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script1, strlen(script1), "testscript1"));
src/scripting/test/test_luna.cc:232:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script1, strlen(script1), "testscript1"));
src/scripting/test/test_luna.cc:253:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script2, strlen(script2), "testscript2"));
src/scripting/test/test_luna.cc:272:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script3, strlen(script3), "testscript3"));
src/scripting/test/test_luna.cc:291:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script4, strlen(script4), "testscript4"));
src/scripting/test/test_luna.cc:311:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script5, strlen(script5), "testscript5"));
src/scripting/test/test_luna.cc:330:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script6, strlen(script6), "testscript6"));
src/scripting/test/test_luna.cc:350:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	BOOST_REQUIRE_EQUAL(0, luaL_loadbuffer(L, script6, strlen(script6), "testscript6"));
src/third_party/eris/lauxlib.c:368:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
      *len = (def ? strlen(def) : 0);
src/third_party/eris/lauxlib.c:467:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  luaL_addlstring(B, s, strlen(s));
src/third_party/eris/lauxlib.c:601:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop. 
    c = getc(lf->f);
src/third_party/eris/lauxlib.c:606:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop. 
  return getc(lf->f);  /* return next character */
src/third_party/eris/lauxlib.c:621:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop. 
      c = getc(lf->f);
src/third_party/eris/lauxlib.c:623:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop. 
    *cp = getc(lf->f);  /* skip end-of-line, if present */
src/third_party/eris/lauxlib.c:692:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  return luaL_loadbuffer(L, s, strlen(s), s);
src/third_party/eris/lauxlib.c:773:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
    if (e == NULL) e = fname + strlen(fname);
src/third_party/eris/lauxlib.c:905:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  size_t l = strlen(p);
src/third_party/eris/ldblib.c:351:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
    if (luaL_loadbuffer(L, buffer, strlen(buffer), "=(debug command)") ||
src/third_party/eris/liolib.c:268:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
    luaL_error(L, "standard %s file is closed", findex + strlen(IO_PREFIX));
src/third_party/eris/liolib.c:364:  [1] (buffer) getc:
  Check buffer boundaries if used in a loop. 
  int c = getc(f);
src/third_party/eris/liolib.c:381:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
    l = strlen(p);
src/third_party/eris/loadlib.c:343:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  if (l == NULL) l = path + strlen(path);
src/third_party/eris/lobject.c:190:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
        pushstr(L, s, strlen(s));
src/third_party/eris/lobject.c:227:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  pushstr(L, fmt, strlen(fmt));
src/third_party/eris/lobject.c:253:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  size_t l = strlen(source);
src/third_party/eris/lstring.c:171:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  return luaS_newlstr(L, str, strlen(str));
src/third_party/eris/lstrlib.c:571:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
    upto += strlen(p + upto) + 1;  /* may have more after \0 */
src/third_party/eris/lstrlib.c:883:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  size_t l = strlen(form);
src/third_party/eris/lstrlib.c:884:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
  size_t lm = strlen(lenmod);
src/third_party/eris/lvm.c:218:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
      size_t len = strlen(l);  /* index of first `\0' in both strings */
src/third_party/minizip/unzip.cc:1951:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	size_comment = comment ? static_cast<uInt>(strlen(comment)) : 0;
src/third_party/minizip/unzip.cc:1953:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
	size_filename = static_cast<uInt>(strlen(filename));
src/third_party/minizip/unzip.cc:2395:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated (it could cause a
  crash if unprotected). 
		global_comment ? static_cast<uInt>(strlen(global_comment)) : 0;
src/ui_basic/spinbox.cc:107:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buf, sizeof(buf), "%i %s", sbi->value, sbi->unit.c_str());
src/ui_basic/spinbox.cc:174:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), "%i %s", sbi->value, sbi->unit.c_str());
src/ui_basic/spinbox.cc:337:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), "%i %s", value, sbi->unit.c_str());
src/ui_fsmenu/base.cc:60:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), "pics/%s", bgpic);
src/ui_fsmenu/launch_mpg.cc:386:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
		prof.read("map/elemental", nullptr, *l_fs);
src/ui_fsmenu/launch_mpg.cc:550:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	prof.read("map/player_names", nullptr, *l_fs);
src/ui_fsmenu/launch_mpg.cc:562:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), "player_%u", i);
src/ui_fsmenu/launch_mpg.cc:568:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), _("Player %u"), i);
src/wlapplication.cc:743:  [1] (buffer) read:
  Check buffer boundaries if used in a loop. 
	g_options.read("config", "global");
src/wui/building_statistics_menu.cc:471:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(buffer, sizeof(buffer), "%3u", percent);
src/wui/building_statistics_menu.cc:478:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(buffer, sizeof(buffer), " ");
src/wui/building_statistics_menu.cc:487:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "%3u", nr_owned); //  space-pad for sort
src/wui/building_statistics_menu.cc:493:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "%3u", nr_build); //  space-pad for sort
src/wui/buildingwindow.cc:232:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
					snprintf
src/wui/chat_msg_layout.cc:35:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buf, sizeof(buf), "%.2x%.2x%.2x", clr.r, clr.g, clr.b);
src/wui/game_debug_ui.cc:161:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
	snprintf(buffer, sizeof(buffer), "%u", m_serial);
src/wui/game_debug_ui.cc:187:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "DEAD: %u", m_serial);
src/wui/game_debug_ui.cc:287:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/wui/game_debug_ui.cc:316:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "Player %u:\n", plnum);
src/wui/game_debug_ui.cc:318:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/wui/game_debug_ui.cc:323:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "  vision: %u\n", vision);
src/wui/game_debug_ui.cc:329:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf
src/wui/game_debug_ui.cc:340:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf
src/wui/game_debug_ui.cc:355:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf
src/wui/game_debug_ui.cc:368:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(buffer, sizeof(buffer), "  seen %u times\n", vision - 1);
src/wui/game_debug_ui.cc:377:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer,
src/wui/game_debug_ui.cc:384:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/wui/game_debug_ui.cc:394:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/wui/general_statistics_menu.cc:149:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf(buffer, sizeof(buffer), "pics/genstats_enable_plr_%02u.png", p);
src/wui/multiplayersetupgroup.cc:119:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
					snprintf
src/wui/multiplayersetupgroup.cc:122:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
					snprintf(buf2, sizeof(buf2), _("Player %i"), us.position + 1);
src/wui/multiplayersetupgroup.cc:124:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
					snprintf(buf2, sizeof(buf2), _("Spectator"));
src/wui/multiplayersetupgroup.cc:172:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
		snprintf
src/wui/multiplayersetupgroup.cc:287:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(pic, sizeof(pic), "pics/fsel_editor_set_player_0%i_pos.png", player_setting.shared_in);
src/wui/multiplayersetupgroup.cc:288:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(hover, sizeof(hover), _("Player %i"), player_setting.shared_in);
src/wui/multiplayersetupgroup.cc:343:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf(buf, sizeof(buf), "%i", player_setting.team);
src/wui/playerdescrgroup.cc:216:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf(buf, sizeof(buf), "%i", player.team);
src/wui/productionsitewindow.cc:177:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
				snprintf
src/wui/watchwindow.cc:207:  [1] (port) snprintf:
  On some very old systems, snprintf is incorrectly implemented and
  permits buffer overflows; there are also incompatible standard definitions
  of it. Check it during installation, or use something else. 
			snprintf(buffer, sizeof(buffer), "%i", i + 1);

Hits = 385
Lines analyzed = 190492 in 4.51 seconds (47544 lines/second)
Physical Source Lines of Code (SLOC) = 121909
Hits@level = [0]   0 [1] 201 [2] 125 [3]  11 [4]  47 [5]   1
Hits@level+ = [0+] 385 [1+] 385 [2+] 184 [3+]  59 [4+]  48 [5+]   1
Hits/KSLOC@level+ = [0+] 3.15809 [1+] 3.15809 [2+] 1.50932 [3+] 0.483968 [4+] 0.393736 [5+] 0.00820284
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!