Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/brutalchess-0.5.2+dfsg/resource.h
Examining data/brutalchess-0.5.2+dfsg/src/piecesets.h
Examining data/brutalchess-0.5.2+dfsg/src/humanplayer.cpp
Examining data/brutalchess-0.5.2+dfsg/src/menuitem.cpp
Examining data/brutalchess-0.5.2+dfsg/src/utils.h
Examining data/brutalchess-0.5.2+dfsg/src/basicset.cpp
Examining data/brutalchess-0.5.2+dfsg/src/chessgame.h
Examining data/brutalchess-0.5.2+dfsg/src/boardtheme.cpp
Examining data/brutalchess-0.5.2+dfsg/src/statsnapshot.cpp
Examining data/brutalchess-0.5.2+dfsg/src/brutalchess.cpp
Examining data/brutalchess-0.5.2+dfsg/src/fontloader.cpp
Examining data/brutalchess-0.5.2+dfsg/src/chessgame.cpp
Examining data/brutalchess-0.5.2+dfsg/src/chessplayer.h
Examining data/brutalchess-0.5.2+dfsg/src/pieceset.h
Examining data/brutalchess-0.5.2+dfsg/src/boardposition.h
Examining data/brutalchess-0.5.2+dfsg/src/gamecore.h
Examining data/brutalchess-0.5.2+dfsg/src/options.cpp
Examining data/brutalchess-0.5.2+dfsg/src/texture.h
Examining data/brutalchess-0.5.2+dfsg/src/timer.h
Examining data/brutalchess-0.5.2+dfsg/src/statsnapshot.h
Examining data/brutalchess-0.5.2+dfsg/src/objfile.cpp
Examining data/brutalchess-0.5.2+dfsg/src/boardmove.h
Examining data/brutalchess-0.5.2+dfsg/src/vector.cpp
Examining data/brutalchess-0.5.2+dfsg/src/bitboard.h
Examining data/brutalchess-0.5.2+dfsg/src/granitetheme.cpp
Examining data/brutalchess-0.5.2+dfsg/src/menuitem.h
Examining data/brutalchess-0.5.2+dfsg/src/md3model.h
Examining data/brutalchess-0.5.2+dfsg/src/q3charmodel.h
Examining data/brutalchess-0.5.2+dfsg/src/debugset.cpp
Examining data/brutalchess-0.5.2+dfsg/src/bitboard.cpp
Examining data/brutalchess-0.5.2+dfsg/src/chessgamestate.cpp
Examining data/brutalchess-0.5.2+dfsg/src/md3model.cpp
Examining data/brutalchess-0.5.2+dfsg/src/config.h
Examining data/brutalchess-0.5.2+dfsg/src/md3test.cpp
Examining data/brutalchess-0.5.2+dfsg/src/chessplayers.h
Examining data/brutalchess-0.5.2+dfsg/src/randomplayer.cpp
Examining data/brutalchess-0.5.2+dfsg/src/board.h
Examining data/brutalchess-0.5.2+dfsg/src/timer.cpp
Examining data/brutalchess-0.5.2+dfsg/src/chessgamestate.h
Examining data/brutalchess-0.5.2+dfsg/src/exception.h
Examining data/brutalchess-0.5.2+dfsg/src/menu.h
Examining data/brutalchess-0.5.2+dfsg/src/fontloader.h
Examining data/brutalchess-0.5.2+dfsg/src/piece.cpp
Examining data/brutalchess-0.5.2+dfsg/src/q3charmodel.cpp
Examining data/brutalchess-0.5.2+dfsg/src/options.h
Examining data/brutalchess-0.5.2+dfsg/src/q3set.cpp
Examining data/brutalchess-0.5.2+dfsg/src/boardposition.cpp
Examining data/brutalchess-0.5.2+dfsg/src/boardthemes.h
Examining data/brutalchess-0.5.2+dfsg/src/boardtheme.h
Examining data/brutalchess-0.5.2+dfsg/src/menu.cpp
Examining data/brutalchess-0.5.2+dfsg/src/boardmove.cpp
Examining data/brutalchess-0.5.2+dfsg/src/piece.h
Examining data/brutalchess-0.5.2+dfsg/src/chessplayer.cpp
Examining data/brutalchess-0.5.2+dfsg/src/board.cpp
Examining data/brutalchess-0.5.2+dfsg/src/objfile.h
Examining data/brutalchess-0.5.2+dfsg/src/texture.cpp
Examining data/brutalchess-0.5.2+dfsg/src/pieceset.cpp
Examining data/brutalchess-0.5.2+dfsg/src/vector.h
Examining data/brutalchess-0.5.2+dfsg/src/md3view.cpp
Examining data/brutalchess-0.5.2+dfsg/src/objview.cpp
Examining data/brutalchess-0.5.2+dfsg/src/brutalplayer.cpp
Examining data/brutalchess-0.5.2+dfsg/src/gamecore.cpp
Examining data/brutalchess-0.5.2+dfsg/src/faileplayer.cpp
Examining data/brutalchess-0.5.2+dfsg/src/xboardplayer.cpp
Examining data/brutalchess-0.5.2+dfsg/src/utils.cpp

FINAL RESULTS:

data/brutalchess-0.5.2+dfsg/src/faileplayer.cpp:61:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execvp( "./faile", NULL );

data/brutalchess-0.5.2+dfsg/src/fontloader.cpp:304:6:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(text, fmt, ap); // And Converts Symbols To Actual Numbers

data/brutalchess-0.5.2+dfsg/src/xboardplayer.cpp:62:3:  [4] (shell) execvp:
  This causes a new program to execute and is difficult to use safely
  (CWE-78). try using a library call that implements the same functionality
  if available.
  execvp( "gnuchess", NULL );

data/brutalchess-0.5.2+dfsg/src/brutalplayer.cpp:23:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(time(NULL));

data/brutalchess-0.5.2+dfsg/src/randomplayer.cpp:20:2:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(time(NULL));

data/brutalchess-0.5.2+dfsg/src/fontloader.cpp:296:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char text[1024]; // Holds Our String

data/brutalchess-0.5.2+dfsg/src/gamecore.cpp:93:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char blank[64];

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:123:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char buf[1024];

data/brutalchess-0.5.2+dfsg/src/md3model.h:91:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char ID[4];

data/brutalchess-0.5.2+dfsg/src/md3model.h:93:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[68];

data/brutalchess-0.5.2+dfsg/src/md3model.h:106:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[64]; // Name of the tag

data/brutalchess-0.5.2+dfsg/src/md3model.h:117:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[16];

data/brutalchess-0.5.2+dfsg/src/md3model.h:127:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char id[4];

data/brutalchess-0.5.2+dfsg/src/md3model.h:128:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[68];

data/brutalchess-0.5.2+dfsg/src/md3model.h:141:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[68];

data/brutalchess-0.5.2+dfsg/src/md3model.h:154:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char normals[2];

data/brutalchess-0.5.2+dfsg/src/faileplayer.cpp:78:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ( read( m_from[0], &c, 1 ) ) {

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:36:9:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&m_header, sizeof(m_header));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:41:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&currFrame.header, sizeof(md3FrameHeader_t));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:49:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&currTag, sizeof(md3Tag_t));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:66:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&currMesh.header, sizeof(md3MeshHeader_t));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:70:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&currSkin, sizeof(md3Skin_t));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:77:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&currTriangle, sizeof(md3Triangle_t));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:84:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&currTexCoord, sizeof(md3TexCoord_t));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:93:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  infile.read((char*)&currVertex, sizeof(md3Vertex_t));

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:126:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(bufptr, m_filename.c_str(), 1024);

data/brutalchess-0.5.2+dfsg/src/md3model.cpp:131:6:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid
  pointers [MS-banned] (CWE-120).
  strncpy(buf, toks[1].c_str(), 1024);

data/brutalchess-0.5.2+dfsg/src/xboardplayer.cpp:79:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  while ( read( m_from[0], &c, 1 ) ) {

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 11497 in approximately 0.31 seconds (37416 lines/second)
Physical Source Lines of Code (SLOC) = 7592
Hits@level = [0]   1 [1]  12 [2]  11 [3]   2 [4]   3 [5]   0
Hits@level+ = [0+]  29 [1+]  28 [2+]  16 [3+]   5 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 3.81981 [1+] 3.68809 [2+] 2.10748 [3+] 0.658588 [4+] 0.395153 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.