Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/aisleriot-3.22.9/src/ar-resources.c
Examining data/aisleriot-3.22.9/src/ar-clock.c
Examining data/aisleriot-3.22.9/src/ar-style-private.h
Examining data/aisleriot-3.22.9/src/ar-style.c
Examining data/aisleriot-3.22.9/src/ar-cursor.c
Examining data/aisleriot-3.22.9/src/ar-resources.h
Examining data/aisleriot-3.22.9/src/ar-clock.h
Examining data/aisleriot-3.22.9/src/ar-style-gtk.h
Examining data/aisleriot-3.22.9/src/window.h
Examining data/aisleriot-3.22.9/src/ar-game-chooser.c
Examining data/aisleriot-3.22.9/src/ar-application.h
Examining data/aisleriot-3.22.9/src/ar-game-chooser.h
Examining data/aisleriot-3.22.9/src/board-noclutter.h
Examining data/aisleriot-3.22.9/src/util.h
Examining data/aisleriot-3.22.9/src/conf.c
Examining data/aisleriot-3.22.9/src/game.h
Examining data/aisleriot-3.22.9/src/window.c
Examining data/aisleriot-3.22.9/src/util.c
Examining data/aisleriot-3.22.9/src/ar-style-gtk.c
Examining data/aisleriot-3.22.9/src/ar-cursor.h
Examining data/aisleriot-3.22.9/src/conf.h
Examining data/aisleriot-3.22.9/src/stats-dialog.h
Examining data/aisleriot-3.22.9/src/ar-style.h
Examining data/aisleriot-3.22.9/src/game-names.h
Examining data/aisleriot-3.22.9/src/board-noclutter.c
Examining data/aisleriot-3.22.9/src/stats-dialog.c
Examining data/aisleriot-3.22.9/src/lib/ar-conf.c
Examining data/aisleriot-3.22.9/src/lib/ar-string-utils.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg-private.h
Examining data/aisleriot-3.22.9/src/lib/ar-help.h
Examining data/aisleriot-3.22.9/src/lib/ar-sound.c
Examining data/aisleriot-3.22.9/src/lib/ar-card.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-preimage.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-private.h
Examining data/aisleriot-3.22.9/src/lib/ar-debug.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-kde.cpp
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-surface-cache.c
Examining data/aisleriot-3.22.9/src/lib/ar-card.c
Examining data/aisleriot-3.22.9/src/lib/ar-runtime.c
Examining data/aisleriot-3.22.9/src/lib/ar-svg.h
Examining data/aisleriot-3.22.9/src/lib/ar-help.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg.cpp
Examining data/aisleriot-3.22.9/src/lib/ar-conf.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-themes.c
Examining data/aisleriot-3.22.9/src/lib/ar-sound.h
Examining data/aisleriot-3.22.9/src/lib/ar-profile.c
Examining data/aisleriot-3.22.9/src/lib/ar-show.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-svg.c
Examining data/aisleriot-3.22.9/src/lib/ar-runtime.h
Examining data/aisleriot-3.22.9/src/lib/ar-svg.c
Examining data/aisleriot-3.22.9/src/lib/ar-debug.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-private.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-surface-cache.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-pysol.c
Examining data/aisleriot-3.22.9/src/lib/render-cards.c
Examining data/aisleriot-3.22.9/src/lib/ar-gsettings.h
Examining data/aisleriot-3.22.9/src/lib/ar-gsettings.c
Examining data/aisleriot-3.22.9/src/lib/ar-profile.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c
Examining data/aisleriot-3.22.9/src/lib/ar-show.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-native.cpp
Examining data/aisleriot-3.22.9/src/lib/ar-card-themes.h
Examining data/aisleriot-3.22.9/src/lib/ar-string-utils.h
Examining data/aisleriot-3.22.9/src/ar-stock.h
Examining data/aisleriot-3.22.9/src/ar-application.c
Examining data/aisleriot-3.22.9/src/ar-stock.c
Examining data/aisleriot-3.22.9/src/game.c
Examining data/aisleriot-3.22.9/src/sol.c
Examining data/aisleriot-3.22.9/cards/svgcrush.c

FINAL RESULTS:

data/aisleriot-3.22.9/src/lib/ar-runtime.c:120:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
  size = readlink (path2, path, buf_size - 1);
data/aisleriot-3.22.9/src/lib/ar-show.c:55:3:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
  ShellExecute (NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL);
data/aisleriot-3.22.9/src/game.c:918:27:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return scm_from_uint32 (g_rand_int_range (game->rand, 0, scm_to_int (range)));
data/aisleriot-3.22.9/src/lib/ar-conf.c:218:34:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  conf_dir = g_build_filename (g_get_home_dir (), ".gnome2", "accels", NULL);
data/aisleriot-3.22.9/src/lib/ar-gsettings.c:131:34:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
  conf_dir = g_build_filename (g_get_home_dir (), ".gnome2", "accels", NULL);
data/aisleriot-3.22.9/cards/svgcrush.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *argv[4];
data/aisleriot-3.22.9/src/ar-clock.c:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[32];
data/aisleriot-3.22.9/src/board-noclutter.c:1181:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (cards,
data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char group[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c:211:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sizestr[16];
data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c:278:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32], filename[36];
data/aisleriot-3.22.9/src/lib/ar-card-theme-pysol.c:349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char filename[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg-private.h:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *backs[MAX_N_BACKS];
data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg.cpp:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char node[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg.cpp:203:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char node[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-svg.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char node[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme.c:138:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (&pixel, b, sizeof (guint32));
data/aisleriot-3.22.9/src/lib/ar-card-themes.c:73:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  const char name[8];
data/aisleriot-3.22.9/src/lib/ar-card.c:219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[128];
data/aisleriot-3.22.9/src/lib/ar-runtime.c:164:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  f = fopen ("/proc/self/maps", "r");
data/aisleriot-3.22.9/src/lib/ar-runtime.c:216:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char *cached_directories[AR_RUNTIME_LAST_DIRECTORY];
data/aisleriot-3.22.9/src/lib/ar-string-utils.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char utf8[7];
data/aisleriot-3.22.9/src/lib/render-cards.c:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char sizestr[32];
data/aisleriot-3.22.9/src/stats-dialog.c:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[128];
data/aisleriot-3.22.9/src/window.c:732:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[32];
data/aisleriot-3.22.9/src/window.c:1184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char actionname[32];
data/aisleriot-3.22.9/src/window.c:1344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char actionname[32];
data/aisleriot-3.22.9/src/window.c:1577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char pidstr[64];
data/aisleriot-3.22.9/cards/svgcrush.c:46:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  content += strlen ("data:");
data/aisleriot-3.22.9/src/ar-resources.c:10424:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/aisleriot-3.22.9/src/ar-resources.c:10432:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/aisleriot-3.22.9/src/ar-resources.c:10444:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/aisleriot-3.22.9/src/ar-resources.c:10451:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/aisleriot-3.22.9/src/game.c:906:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  lambda_name += strlen (lambda_name) + 1;
data/aisleriot-3.22.9/src/lib/ar-card-theme-pysol.c:149:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen (fields[2]) > 0)
data/aisleriot-3.22.9/src/lib/ar-card-themes.c:106:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  type = theme_type_from_string (default_type_string, strlen (default_type_string));
data/aisleriot-3.22.9/src/lib/ar-conf.c:405:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->base_path_len = strlen (priv->base_path);
data/aisleriot-3.22.9/src/lib/ar-runtime.c:115:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
  strncpy (path2, "/proc/self/exe", buf_size - 1);
data/aisleriot-3.22.9/src/lib/ar-runtime.c:147:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy (path, path2, buf_size - 1);
data/aisleriot-3.22.9/src/lib/ar-runtime.c:183:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  buf_size = strlen (line);
data/aisleriot-3.22.9/src/lib/ar-string-utils.c:70:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prettified_name = g_string_sized_new (strlen (display_name) + 8);
data/aisleriot-3.22.9/src/window.c:949:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = g_ascii_strtoull (action_name + strlen ("Option"), NULL, 10);
data/aisleriot-3.22.9/src/window.c:1597:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  g_file_set_contents (error_file, error->message, strlen (error->message), NULL);

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 33683 in approximately 1.21 seconds (27735 lines/second)
Physical Source Lines of Code (SLOC) = 25312
Hits@level = [0]   0 [1]  15 [2]  23 [3]   3 [4]   1 [5]   1
Hits@level+ = [0+]  43 [1+]  43 [2+]  28 [3+]   5 [4+]   2 [5+]   1
Hits/KSLOC@level+ = [0+] 1.6988 [1+] 1.6988 [2+] 1.10619 [3+] 0.197535 [4+] 0.0790139 [5+] 0.039507
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
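Triage note on the findings above. The one level-5 hit (readlink in ar-runtime.c:120) and the two level-1 strncpy hits in the same file (ar-runtime.c:115 and :147) describe one pattern: a path buffer is filled with strncpy(..., buf_size - 1) and readlink(..., buf_size - 1), and neither call guarantees a terminating NUL. Because the link being read is /proc/self/exe, a kernel-maintained pseudo-file, the "attacker moves the file" half of the readlink rule does not apply the way it would for a user-supplied path; the part worth verifying in the real code is that the buffer is terminated before it is used as a C string and that a truncated target is not mistaken for a complete one. The level-2 `char` hits are fixed-size array declarations, which flawfinder reports regardless of how the array is later written; each needs a look at the writes, not the declaration. The example below is added here to show the hardened form of the readlink/strncpy pattern; it is not aisleriot's code and nothing in it is taken from ar-runtime.c. It assumes a writable temp directory for its self-test, uses a constructed symlink target, and the -2 "possibly truncated" return value is a convention chosen for this example.

```c
#define _XOPEN_SOURCE 700
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>

/* Copy src into dst (dst_size bytes) and always NUL-terminate.
 * Returns 0, or -1 if src did not fit (dst then holds a terminated prefix).
 * Replaces the strncpy(dst, src, size - 1) idiom that flawfinder flags. */
static int str_copy_nul(char *dst, size_t dst_size, const char *src)
{
    if (dst_size == 0)
        return -1;
    size_t len = strlen(src);
    if (len >= dst_size) {
        memcpy(dst, src, dst_size - 1);
        dst[dst_size - 1] = '\0';
        return -1;
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* readlink(2) never writes a terminator and silently truncates, so code that
 * passes buf_size - 1 and then treats buf as a C string is relying on the
 * buffer having been zeroed beforehand. This wrapper terminates
 * unconditionally. Returns the target length on success, -1 on error
 * (errno set, buf[0] == '\0'), or -2 (a convention assumed for this example)
 * when the buffer filled up and the result may be truncated. */
static ssize_t readlink_nul(const char *path, char *buf, size_t buf_size)
{
    if (buf_size == 0) {
        errno = EINVAL;
        return -1;
    }
    ssize_t n = readlink(path, buf, buf_size - 1);
    if (n < 0) {
        buf[0] = '\0';
        return -1;
    }
    buf[n] = '\0';
    /* A full buffer is ambiguous: the target may be exactly this long or
     * longer. Report it as truncation so the caller retries with more room. */
    if ((size_t)n == buf_size - 1)
        return -2;
    return n;
}

/* Self-test: create a symlink with a constructed target inside a fresh
 * mkdtemp() directory and read it back through a large and a small buffer.
 * Returns 1 if both calls behave as documented above, 0 otherwise. */
static int readlink_nul_selftest(void)
{
    const char *target = "some/relative/target"; /* constructed, 20 bytes */
    char dir[] = "/tmp/rl-XXXXXX";              /* mkdtemp rewrites the X's */
    if (mkdtemp(dir) == NULL)
        return 0;
    char link[sizeof dir + 8];
    snprintf(link, sizeof link, "%s/link", dir);

    int ok = 0;
    if (symlink(target, link) == 0) {
        char big[64], small[8];
        ssize_t n_big = readlink_nul(link, big, sizeof big);
        ssize_t n_small = readlink_nul(link, small, sizeof small);
        ok = n_big == (ssize_t)strlen(target) && strcmp(big, target) == 0 &&
             n_small == -2 && strlen(small) == sizeof small - 1 &&
             strncmp(small, target, sizeof small - 1) == 0;
        unlink(link);
    }
    rmdir(dir);
    return ok;
}

int main(void)
{
    /* The use case behind the finding: resolve our own executable on Linux. */
    char exe[4096];
    ssize_t n = readlink_nul("/proc/self/exe", exe, sizeof exe);
    if (n >= 0)
        printf("executable: %s (%zd bytes)\n", exe, n);
    else
        printf("readlink(/proc/self/exe) failed: %s\n",
               n == -2 ? "buffer too small" : strerror(errno));
    printf("selftest: %s\n", readlink_nul_selftest() ? "ok" : "FAILED");
    return 0;
}
```

The wrapper deliberately treats "buffer exactly full" as truncation, since readlink gives the caller no other way to tell the two cases apart; a caller that needs the full path should grow the buffer and retry on -2 rather than trust the prefix. Note that this addresses only the NUL-termination and truncation half of the flawfinder message; for a link under attacker-controlled directories the race half still applies and would need an fd-relative or post-open check instead.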