Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/aisleriot-3.22.9/src/ar-resources.c
Examining data/aisleriot-3.22.9/src/ar-clock.c
Examining data/aisleriot-3.22.9/src/ar-style-private.h
Examining data/aisleriot-3.22.9/src/ar-style.c
Examining data/aisleriot-3.22.9/src/ar-cursor.c
Examining data/aisleriot-3.22.9/src/ar-resources.h
Examining data/aisleriot-3.22.9/src/ar-clock.h
Examining data/aisleriot-3.22.9/src/ar-style-gtk.h
Examining data/aisleriot-3.22.9/src/window.h
Examining data/aisleriot-3.22.9/src/ar-game-chooser.c
Examining data/aisleriot-3.22.9/src/ar-application.h
Examining data/aisleriot-3.22.9/src/ar-game-chooser.h
Examining data/aisleriot-3.22.9/src/board-noclutter.h
Examining data/aisleriot-3.22.9/src/util.h
Examining data/aisleriot-3.22.9/src/conf.c
Examining data/aisleriot-3.22.9/src/game.h
Examining data/aisleriot-3.22.9/src/window.c
Examining data/aisleriot-3.22.9/src/util.c
Examining data/aisleriot-3.22.9/src/ar-style-gtk.c
Examining data/aisleriot-3.22.9/src/ar-cursor.h
Examining data/aisleriot-3.22.9/src/conf.h
Examining data/aisleriot-3.22.9/src/stats-dialog.h
Examining data/aisleriot-3.22.9/src/ar-style.h
Examining data/aisleriot-3.22.9/src/game-names.h
Examining data/aisleriot-3.22.9/src/board-noclutter.c
Examining data/aisleriot-3.22.9/src/stats-dialog.c
Examining data/aisleriot-3.22.9/src/lib/ar-conf.c
Examining data/aisleriot-3.22.9/src/lib/ar-string-utils.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg-private.h
Examining data/aisleriot-3.22.9/src/lib/ar-help.h
Examining data/aisleriot-3.22.9/src/lib/ar-sound.c
Examining data/aisleriot-3.22.9/src/lib/ar-card.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-preimage.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-private.h
Examining data/aisleriot-3.22.9/src/lib/ar-debug.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-kde.cpp
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-surface-cache.c
Examining data/aisleriot-3.22.9/src/lib/ar-card.c
Examining data/aisleriot-3.22.9/src/lib/ar-runtime.c
Examining data/aisleriot-3.22.9/src/lib/ar-svg.h
Examining data/aisleriot-3.22.9/src/lib/ar-help.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg.cpp
Examining data/aisleriot-3.22.9/src/lib/ar-conf.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-themes.c
Examining data/aisleriot-3.22.9/src/lib/ar-sound.h
Examining data/aisleriot-3.22.9/src/lib/ar-profile.c
Examining data/aisleriot-3.22.9/src/lib/ar-show.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-svg.c
Examining data/aisleriot-3.22.9/src/lib/ar-runtime.h
Examining data/aisleriot-3.22.9/src/lib/ar-svg.c
Examining data/aisleriot-3.22.9/src/lib/ar-debug.c
Examining data/aisleriot-3.22.9/src/lib/ar-card-private.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-surface-cache.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-pysol.c
Examining data/aisleriot-3.22.9/src/lib/render-cards.c
Examining data/aisleriot-3.22.9/src/lib/ar-gsettings.h
Examining data/aisleriot-3.22.9/src/lib/ar-gsettings.c
Examining data/aisleriot-3.22.9/src/lib/ar-profile.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c
Examining data/aisleriot-3.22.9/src/lib/ar-show.h
Examining data/aisleriot-3.22.9/src/lib/ar-card-theme-native.cpp
Examining data/aisleriot-3.22.9/src/lib/ar-card-themes.h
Examining data/aisleriot-3.22.9/src/lib/ar-string-utils.h
Examining data/aisleriot-3.22.9/src/ar-stock.h
Examining data/aisleriot-3.22.9/src/ar-application.c
Examining data/aisleriot-3.22.9/src/ar-stock.c
Examining data/aisleriot-3.22.9/src/game.c
Examining data/aisleriot-3.22.9/src/sol.c
Examining data/aisleriot-3.22.9/cards/svgcrush.c

FINAL RESULTS:

data/aisleriot-3.22.9/src/lib/ar-runtime.c:120:10:  [5] (race) readlink:
  This accepts filename arguments; if an attacker can move those files or
  change the link content, a race condition results. Also, it does not
  terminate with ASCII NUL. (CWE-362, CWE-20). Reconsider approach.
		size = readlink (path2, path, buf_size - 1);
data/aisleriot-3.22.9/src/lib/ar-show.c:55:3:  [4] (shell) ShellExecute:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). Try using a library call that implements the same functionality
  if available.
  ShellExecute (NULL, "open", uri, NULL, NULL, SW_SHOWNORMAL);
data/aisleriot-3.22.9/src/game.c:918:27:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  return scm_from_uint32 (g_rand_int_range (game->rand, 0, scm_to_int (range)));
data/aisleriot-3.22.9/src/lib/ar-conf.c:218:34:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    conf_dir = g_build_filename (g_get_home_dir (), ".gnome2", "accels", NULL);
data/aisleriot-3.22.9/src/lib/ar-gsettings.c:131:34:  [3] (buffer) g_get_home_dir:
  This function is synonymous with 'getenv("HOME")'; it returns untrustable
  input if the environment can be set by an attacker. It can have any content
  and length, and the same variable can be set more than once (CWE-807,
  CWE-20). Check environment variables carefully before using them.
    conf_dir = g_build_filename (g_get_home_dir (), ".gnome2", "accels", NULL);
data/aisleriot-3.22.9/cards/svgcrush.c:122:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *argv[4];
data/aisleriot-3.22.9/src/ar-clock.c:28:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char string[32];
data/aisleriot-3.22.9/src/board-noclutter.c:1181:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy (cards,
data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c:101:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char group[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c:211:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
      char sizestr[16];
data/aisleriot-3.22.9/src/lib/ar-card-theme-fixed.c:278:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[32], filename[36];
data/aisleriot-3.22.9/src/lib/ar-card-theme-pysol.c:349:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char filename[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg-private.h:40:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char *backs[MAX_N_BACKS];
data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg.cpp:57:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char node[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-qsvg.cpp:203:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char node[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme-svg.c:64:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char node[32];
data/aisleriot-3.22.9/src/lib/ar-card-theme.c:138:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
      memcpy (&pixel, b, sizeof (guint32));
data/aisleriot-3.22.9/src/lib/ar-card-themes.c:73:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    const char name[8];
data/aisleriot-3.22.9/src/lib/ar-card.c:219:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[128];
data/aisleriot-3.22.9/src/lib/ar-runtime.c:164:6:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	f = fopen ("/proc/self/maps", "r");
data/aisleriot-3.22.9/src/lib/ar-runtime.c:216:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char *cached_directories[AR_RUNTIME_LAST_DIRECTORY];
data/aisleriot-3.22.9/src/lib/ar-string-utils.c:48:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char utf8[7];
data/aisleriot-3.22.9/src/lib/render-cards.c:175:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char sizestr[32];
data/aisleriot-3.22.9/src/stats-dialog.c:212:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[128];
data/aisleriot-3.22.9/src/window.c:732:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[32];
data/aisleriot-3.22.9/src/window.c:1184:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actionname[32];
data/aisleriot-3.22.9/src/window.c:1344:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char actionname[32];
data/aisleriot-3.22.9/src/window.c:1577:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
    char pidstr[64];
data/aisleriot-3.22.9/cards/svgcrush.c:46:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  content += strlen ("data:");
data/aisleriot-3.22.9/src/ar-resources.c:10424:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/aisleriot-3.22.9/src/ar-resources.c:10432:31:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  __pragma(section(".CRT$XCU",read)) \
data/aisleriot-3.22.9/src/ar-resources.c:10444:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/aisleriot-3.22.9/src/ar-resources.c:10451:22:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  section(".CRT$XCU",read)
data/aisleriot-3.22.9/src/game.c:906:20:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    lambda_name += strlen (lambda_name) + 1;
data/aisleriot-3.22.9/src/lib/ar-card-theme-pysol.c:149:9:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (strlen (fields[2]) > 0)
data/aisleriot-3.22.9/src/lib/ar-card-themes.c:106:57:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    type = theme_type_from_string (default_type_string, strlen (default_type_string));
data/aisleriot-3.22.9/src/lib/ar-conf.c:405:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  priv->base_path_len = strlen (priv->base_path);
data/aisleriot-3.22.9/src/lib/ar-runtime.c:115:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120). Risk is low because the source is a
  constant string.
	strncpy (path2, "/proc/self/exe", buf_size - 1);
data/aisleriot-3.22.9/src/lib/ar-runtime.c:147:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
		strncpy (path, path2, buf_size - 1);
data/aisleriot-3.22.9/src/lib/ar-runtime.c:183:13:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	buf_size = strlen (line);
data/aisleriot-3.22.9/src/lib/ar-string-utils.c:70:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  prettified_name = g_string_sized_new (strlen (display_name) + 8);
data/aisleriot-3.22.9/src/window.c:949:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  value = g_ascii_strtoull (action_name + strlen ("Option"), NULL, 10);
data/aisleriot-3.22.9/src/window.c:1597:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      g_file_set_contents (error_file, error->message, strlen (error->message), NULL);

ANALYSIS SUMMARY:

Hits = 43
Lines analyzed = 33683 in approximately 1.21 seconds (27735 lines/second)
Physical Source Lines of Code (SLOC) = 25312
Hits@level = [0]   0 [1]  15 [2]  23 [3]   3 [4]   1 [5]   1
Hits@level+ = [0+]  43 [1+]  43 [2+]  28 [3+]   5 [4+]   2 [5+]   1
Hits/KSLOC@level+ = [0+] 1.6988 [1+] 1.6988 [2+] 1.10619 [3+] 0.197535 [4+] 0.0790139 [5+] 0.039507
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.