Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/ace-of-penguins-1.5~rc2/games/canfield.c
Examining data/ace-of-penguins-1.5~rc2/games/solitaire.c
Examining data/ace-of-penguins-1.5~rc2/games/thornq.c
Examining data/ace-of-penguins-1.5~rc2/games/merlin.c
Examining data/ace-of-penguins-1.5~rc2/games/taipeilib.c
Examining data/ace-of-penguins-1.5~rc2/games/minesweeper.c
Examining data/ace-of-penguins-1.5~rc2/games/taipeilib.h
Examining data/ace-of-penguins-1.5~rc2/games/golf.c
Examining data/ace-of-penguins-1.5~rc2/games/taipei.c
Examining data/ace-of-penguins-1.5~rc2/games/mastermind.c
Examining data/ace-of-penguins-1.5~rc2/games/spider.c
Examining data/ace-of-penguins-1.5~rc2/games/taipedit.c
Examining data/ace-of-penguins-1.5~rc2/games/taipei.h
Examining data/ace-of-penguins-1.5~rc2/games/pegged.c
Examining data/ace-of-penguins-1.5~rc2/games/freecell.c
Examining data/ace-of-penguins-1.5~rc2/lib/imagelib.c
Examining data/ace-of-penguins-1.5~rc2/lib/make-imglib.c
Examining data/ace-of-penguins-1.5~rc2/lib/xwin.h
Examining data/ace-of-penguins-1.5~rc2/lib/text2c.c
Examining data/ace-of-penguins-1.5~rc2/lib/stack.c
Examining data/ace-of-penguins-1.5~rc2/lib/funcs.c
Examining data/ace-of-penguins-1.5~rc2/lib/imagelib.h
Examining data/ace-of-penguins-1.5~rc2/lib/table_rn.c
Examining data/ace-of-penguins-1.5~rc2/lib/funcs.h
Examining data/ace-of-penguins-1.5~rc2/lib/xwin.c
Examining data/ace-of-penguins-1.5~rc2/lib/penguins.c
Examining data/ace-of-penguins-1.5~rc2/lib/help.c
Examining data/ace-of-penguins-1.5~rc2/lib/cards.h
Examining data/ace-of-penguins-1.5~rc2/lib/table.h
Examining data/ace-of-penguins-1.5~rc2/lib/table.c
Examining data/ace-of-penguins-1.5~rc2/tests/test6.c
Examining data/ace-of-penguins-1.5~rc2/tests/test4.c
Examining data/ace-of-penguins-1.5~rc2/tests/test1.c
Examining data/ace-of-penguins-1.5~rc2/tests/test5.c
Examining data/ace-of-penguins-1.5~rc2/tests/penguins.c
Examining data/ace-of-penguins-1.5~rc2/tests/test3.c

FINAL RESULTS:

data/ace-of-penguins-1.5~rc2/games/taipei.c:471:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(n, "%s", tile_names[i]);

data/ace-of-penguins-1.5~rc2/lib/help.c:162:5:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(name, "*-%s-%s-%s-*--*-%d-*-*-*-*-*-*",

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:23:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s/%s", a, b);

data/ace-of-penguins-1.5~rc2/lib/xwin.c:263:3:  [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(sl, "%s%s", AOP, name);

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:244:13:  [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  switch (getopt(argc, argv, "vhn:i:d:m:")) {

data/ace-of-penguins-1.5~rc2/lib/penguins.c:61:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/ace-of-penguins-1.5~rc2/lib/stack.c:337:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/ace-of-penguins-1.5~rc2/lib/table_rn.c:38:1:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(unsigned seed)

data/ace-of-penguins-1.5~rc2/tests/penguins.c:57:3:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand(time(0));

data/ace-of-penguins-1.5~rc2/games/canfield.c:41:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char base_mesg[14];

data/ace-of-penguins-1.5~rc2/games/canfield.c:80:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(base_mesg, "Base rank: %d", base_rank);

data/ace-of-penguins-1.5~rc2/games/canfield.c:166:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char names[5][5];

data/ace-of-penguins-1.5~rc2/games/canfield.c:172:2:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(names[n], "%c%c", face[VALUE(c)], suits[SUIT(c)]);

data/ace-of-penguins-1.5~rc2/games/freecell.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/games/freecell.c:167:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char names[5][5];

data/ace-of-penguins-1.5~rc2/games/freecell.c:172:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(names[n], "%c%c", face[VALUE(c)], suits[SUIT(c)]);

data/ace-of-penguins-1.5~rc2/games/golf.c:107:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char s[10];

data/ace-of-penguins-1.5~rc2/games/golf.c:110:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(s, "%2d", c);

data/ace-of-penguins-1.5~rc2/games/golf.c:112:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(s, " ");

data/ace-of-penguins-1.5~rc2/games/merlin.c:29:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char grid[9];

data/ace-of-penguins-1.5~rc2/games/merlin.c:31:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char affects[9][9] = {

data/ace-of-penguins-1.5~rc2/games/minesweeper.c:51:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char grid[32][32];

data/ace-of-penguins-1.5~rc2/games/minesweeper.c:52:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char bomb[32][32];

data/ace-of-penguins-1.5~rc2/games/minesweeper.c:53:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char neighbors[32][32];

data/ace-of-penguins-1.5~rc2/games/minesweeper.c:174:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[4];

data/ace-of-penguins-1.5~rc2/games/minesweeper.c:177:5:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string.
  strcpy(tmp, "000");

data/ace-of-penguins-1.5~rc2/games/minesweeper.c:179:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%03d", untagged);

data/ace-of-penguins-1.5~rc2/games/pegged.c:154:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char grid[MAXX+1][MAXY+1];

data/ace-of-penguins-1.5~rc2/games/solitaire.c:639:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[10] = "";

data/ace-of-penguins-1.5~rc2/games/solitaire.c:643:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf (buffer, "$%d", winnings);

data/ace-of-penguins-1.5~rc2/games/taipedit.c:45:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "w");

data/ace-of-penguins-1.5~rc2/games/taipedit.c:97:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[10];

data/ace-of-penguins-1.5~rc2/games/taipedit.c:104:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "%5d%c", tile_count, tile_count%4 ? '!' : ' ');

data/ace-of-penguins-1.5~rc2/games/taipedit.c:253:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char temp[GRID_SX][GRID_SY][GRID_SZ];

data/ace-of-penguins-1.5~rc2/games/taipedit.c:265:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(grid, temp, sizeof(temp));

data/ace-of-penguins-1.5~rc2/games/taipedit.c:367:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[20];

data/ace-of-penguins-1.5~rc2/games/taipedit.c:378:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, "n%d", x);

data/ace-of-penguins-1.5~rc2/games/taipei.c:138:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static unsigned char exposures[GRID_SX][GRID_SY][GRID_SZ];

data/ace-of-penguins-1.5~rc2/games/taipei.c:336:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmp[10];

data/ace-of-penguins-1.5~rc2/games/taipei.c:347:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(tmp, " %3d %3d", num_tiles, c);

data/ace-of-penguins-1.5~rc2/games/taipei.c:470:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char n[20];

data/ace-of-penguins-1.5~rc2/games/taipeilib.c:24:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char grid[GRID_SX][GRID_SY][GRID_SZ];

data/ace-of-penguins-1.5~rc2/games/taipeilib.c:35:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "r");

data/ace-of-penguins-1.5~rc2/games/taipeilib.h:3:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern unsigned char grid[GRID_SX][GRID_SY][GRID_SZ];

data/ace-of-penguins-1.5~rc2/games/thornq.c:280:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char names[5][5];

data/ace-of-penguins-1.5~rc2/games/thornq.c:286:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(names[n], "%c%c", face[VALUE(c)], suits[SUIT(c)]);

data/ace-of-penguins-1.5~rc2/lib/help.c:161:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[100];

data/ace-of-penguins-1.5~rc2/lib/help.c:390:7:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(filename, "r");

data/ace-of-penguins-1.5~rc2/lib/help.c:395:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(file, text, l);

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:84:9:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(concat(imagedir, de->d_name), "rb");

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:127:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[20];

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:128:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", val);

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:157:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(sub->filename, "rb");

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:258:17:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  depfile = fopen(optarg, "w");

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:295:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  inf = fopen(argv[optind], "r");

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:320:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  img->a = atoi(tok);

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:323:13:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  img->d = atoi(tok);

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:338:12:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  outf = fopen(outfname, "w");

data/ace-of-penguins-1.5~rc2/lib/penguins.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/lib/penguins.c:52:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "%c%c", values[v], suits[s]);

data/ace-of-penguins-1.5~rc2/lib/stack.c:224:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/lib/stack.c:233:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "%c%c", values[v], suits[s]);

data/ace-of-penguins-1.5~rc2/lib/stack.c:540:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->cards + dest->num_cards,

data/ace-of-penguins-1.5~rc2/lib/stack.c:575:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(src->cards + src->num_cards - num, temp, num * sizeof(int));

data/ace-of-penguins-1.5~rc2/lib/table.c:122:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  *(char **)(options[i][o].ptr) = argv[a+1];

data/ace-of-penguins-1.5~rc2/lib/xwin.c:586:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy (data, *bytes, length);

data/ace-of-penguins-1.5~rc2/tests/penguins.c:43:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/tests/penguins.c:49:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "%c%c", values[v], suits[s]);

data/ace-of-penguins-1.5~rc2/tests/test1.c:36:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/tests/test1.c:40:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "%c%c", values[v], suits[s]);

data/ace-of-penguins-1.5~rc2/tests/test3.c:46:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/tests/test3.c:51:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "%c%c", values[v], suits[s]);

data/ace-of-penguins-1.5~rc2/tests/test4.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/tests/test4.c:50:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "%c%c", values[v], suits[s]);

data/ace-of-penguins-1.5~rc2/tests/test5.c:45:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[30];

data/ace-of-penguins-1.5~rc2/tests/test5.c:50:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(name, "%c%c", values[v], suits[s]);

data/ace-of-penguins-1.5~rc2/lib/help.c:178:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  tags[i].taglen = strlen(tags[i].tag);

data/ace-of-penguins-1.5~rc2/lib/help.c:208:61:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawString(display, window, gc, w->x-mx, w->y, w->ptr, strlen(w->ptr));

data/ace-of-penguins-1.5~rc2/lib/help.c:260:68:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawString(display, window, gc, w->x, w->y-vscroll, w->ptr, strlen(w->ptr));

data/ace-of-penguins-1.5~rc2/lib/help.c:393:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(text)+1;

data/ace-of-penguins-1.5~rc2/lib/help.c:493:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XTextExtents(fs, w->ptr, strlen(w->ptr),

data/ace-of-penguins-1.5~rc2/lib/help.c:616:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w->width, strlen(w->ptr), w->ptr);

data/ace-of-penguins-1.5~rc2/lib/help.c:625:15:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  w->width, strlen(w->ptr), w->ptr);

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:21:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i = strlen(a) + strlen(b) + 2;

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:21:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int i = strlen(a) + strlen(b) + 2;

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:136:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (print_col + strlen(buf) > 70) {

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:141:16:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  print_col += strlen(buf);

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:162:19:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((byte = fgetc (f)) != EOF)

data/ace-of-penguins-1.5~rc2/lib/make-imglib.c:306:8:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  inbuf[strlen(inbuf)] = 0;

data/ace-of-penguins-1.5~rc2/lib/text2c.c:33:15:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while ((c = getchar()) != EOF)

data/ace-of-penguins-1.5~rc2/lib/xwin.c:262:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = (char *)malloc(strlen(name) + strlen(AOP)+1);

data/ace-of-penguins-1.5~rc2/lib/xwin.c:262:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sl = (char *)malloc(strlen(name) + strlen(AOP)+1);

data/ace-of-penguins-1.5~rc2/lib/xwin.c:573:64:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  XDrawImageString(display, window, gc, x, y-font->descent, t, strlen(t));

ANALYSIS SUMMARY:

Hits = 93
Lines analyzed = 12003 in approximately 0.31 seconds (38215 lines/second)
Physical Source Lines of Code (SLOC) = 9852
Hits@level = [0]  91 [1]  17 [2]  67 [3]   5 [4]   4 [5]   0
Hits@level+ = [0+] 184 [1+]  93 [2+]  76 [3+]   9 [4+]   4 [5+]   0
Hits/KSLOC@level+ = [0+] 18.6764 [1+] 9.43971 [2+] 7.71417 [3+] 0.91352 [4+] 0.406009 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.