Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/crazywa-0.0.0~git2019.06.13/dropper.c

FINAL RESULTS:

data/crazywa-0.0.0~git2019.06.13/dropper.c:1649:33:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  if(!fen) fen = startFEN; else strcpy(startFEN, fen); // remember start position, or use remembered one if not given
data/crazywa-0.0.0~git2019.06.13/dropper.c:1862:5:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  sscanf(inBuf, "%s", command); // extract the first word
data/crazywa-0.0.0~git2019.06.13/dropper.c:1919:10:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function.
  if(sscanf(inBuf+7, "Exclude move:=%s", command)) { int i = (*command == '!'); moveMap[ParseMove(stm, command+i)] = !i; return 1; }
data/crazywa-0.0.0~git2019.06.13/dropper.c:114:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char rawChar[32*22], steps[512];
data/crazywa-0.0.0~git2019.06.13/dropper.c:115:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char rawByte[102*22], firstDir[64], rawBulk[98], handSlot[97], promoCode[96], aVal[64], vVal[64], rawLocation[96+23], handBulk[96];
data/crazywa-0.0.0~git2019.06.13/dropper.c:123:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char checkHist[MAXMOVES+MAXPLY];
data/crazywa-0.0.0~git2019.06.13/dropper.c:125:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char repDep[512+100];
data/crazywa-0.0.0~git2019.06.13/dropper.c:286:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char handSlot[97], rawBulk[98];
data/crazywa-0.0.0~git2019.06.13/dropper.c:463:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char *rawPST[COLOR+1]; // PST[-1...95] indexed by 'mutation', which is -1 for drops
data/crazywa-0.0.0~git2019.06.13/dropper.c:478:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char pstData[22*11*9]; // actual tables (for now 9 pairs)
data/crazywa-0.0.0~git2019.06.13/dropper.c:480:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  signed char kyotoPST[8][15] = { // 3 values per rank (a-c file)
data/crazywa-0.0.0~git2019.06.13/dropper.c:801:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char age[3];
data/crazywa-0.0.0~git2019.06.13/dropper.c:901:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char moveMap[1<<16]; // excluded root moves
data/crazywa-0.0.0~git2019.06.13/dropper.c:1658:15:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  int n = atoi(fen); sqr += n; fen += (n > 9); // skip given number of squares (and second digit of 10 or 11)
data/crazywa-0.0.0~git2019.06.13/dropper.c:1712:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static char buf[20], pieceID[] = "+nbrq";
data/crazywa-0.0.0~git2019.06.13/dropper.c:1722:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%c@%c%d", pieces[p&~COLOR], 'a'+(to%22), 1+(to/22));
data/crazywa-0.0.0~git2019.06.13/dropper.c:1723:10:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  } else sprintf(buf, "%c%d%c%d%c", 'a'+(from%22), 1+(from/22), 'a'+(to%22), 1+(to/22), promo);
data/crazywa-0.0.0~git2019.06.13/dropper.c:1841:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char inBuf[800];
data/crazywa-0.0.0~git2019.06.13/dropper.c:1855:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char command[80]; int paused = 0;
data/crazywa-0.0.0~git2019.06.13/dropper.c:1925:56:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  if(!strcmp(command, "memory")) { if(SetMemorySize(atoi(inBuf+7))) printf("tellusererror Not enough memory\n"), exit(-1); return 1; }
data/crazywa-0.0.0~git2019.06.13/dropper.c:1650:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if(strchr(fen, '*') && strlen(fen) > 30) fen += 18; // Alien-Edition Wa implementation; strip off leading 11/11/***********/
data/crazywa-0.0.0~git2019.06.13/dropper.c:1848:19:  [1] (buffer) getchar:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  for(i = 0; (c = getchar()) != EOF && (inBuf[i++] = c) != '\n'; );

ANALYSIS SUMMARY:

Hits = 22
Lines analyzed = 2016 in approximately 0.13 seconds (15533 lines/second)
Physical Source Lines of Code (SLOC) = 1684
Hits@level = [0]  66 [1]   2 [2]  17 [3]   0 [4]   3 [5]   0
Hits@level+ = [0+]  88 [1+]  22 [2+]  20 [3+]   3 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 52.2565 [1+] 13.0641 [2+] 11.8765 [3+] 1.78147 [4+] 1.78147 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
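Reading the hits together rather than one at a time: the seventeen level-2 "char" hits are an inventory of fixed-size arrays, not findings in themselves, and the two sprintf hits are rated low by the tool because their sources have a fixed maximum width. The ones that matter are the four that sit on the path from the GUI pipe into fixed buffers, and the report's own source lines show why: the loop at 1848 stores getchar() results into inBuf[800] with no check on i, so a line of 800 or more characters writes past the array; the two "%s" conversions at 1862 and 1919 copy a word of any length out of inBuf into command[80]; the strcpy at 1649 copies the fen argument into startFEN (whose size the report does not show) without a length check; and atoi at 1925 passes an unchecked number to SetMemorySize. The block below is an added example of bounded replacements for those four patterns, not code from crazywa: the array sizes follow the report, while the function names, the character-source callback (so the loop can be exercised from a constructed string instead of stdin) and the 1..65536 memory range are assumptions.

```c
/* Bounded versions of the four input-handling patterns flawfinder flagged
 * in dropper.c: strcpy at 1649, sscanf "%s" at 1862/1919, atoi at 1925 and
 * the getchar loop at 1848.  Added example, not crazywa code; sizes follow
 * the report, names, the reader callback and the memory range are assumed. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define IN_BUF_CAP 800              /* char inBuf[800] in the report      */
#define CMD_WIDTH  79               /* longest word that fits in ...      */
#define CMD_CAP    (CMD_WIDTH + 1)  /* ... char command[80] with its NUL  */
#define STR_(x) #x                  /* STR(CMD_WIDTH) -> "79", so the %s  */
#define STR(x)  STR_(x)             /* width cannot drift from the array  */

/* Character source: the engine uses getchar(); the demo and test use a
 * constructed string so the behaviour can be checked without a terminal. */
typedef int (*next_fn)(void *ctx);
int from_stdin(void *unused) { (void)unused; return getchar(); }
int from_string(void *ctx)
{
    const char **p = ctx;
    return **p ? (unsigned char)*(*p)++ : EOF;
}

/* Replaces `for(i = 0; (c = getchar()) != EOF && (inBuf[i++] = c) != '\n'; );`
 * which never checks i.  Stores at most cap-1 bytes plus NUL.  Returns the
 * length, -1 if the line did not fit (prefix kept, rest of the line
 * discarded so the next call starts fresh), -2 at EOF with nothing read. */
int read_line_bounded(next_fn next, void *ctx, char *buf, size_t cap)
{
    size_t i = 0;
    int c;
    if (cap == 0) return -1;
    while ((c = next(ctx)) != EOF && c != '\n') {
        if (i + 1 >= cap) {                    /* room for the NUL? */
            buf[i] = '\0';
            while ((c = next(ctx)) != EOF && c != '\n') { }
            return -1;
        }
        buf[i++] = (char)c;
    }
    buf[i] = '\0';
    return (i == 0 && c == EOF) ? -2 : (int)i;
}

/* Replaces sscanf(inBuf, "%s", command): "%79s" stops at CMD_WIDTH bytes. */
int extract_command(const char *inBuf, char command[CMD_CAP])
{
    command[0] = '\0';
    return sscanf(inBuf, "%" STR(CMD_WIDTH) "s", command) == 1;
}

/* Replaces strcpy(startFEN, fen): copy only if the string and its NUL fit.
 * A truncated FEN is a different position, so refuse rather than shorten. */
int remember_fen(const char *fen, char *dst, size_t cap)
{
    const char *nul = memchr(fen, '\0', cap);
    if (nul == NULL) return 0;                 /* no NUL within cap bytes */
    memcpy(dst, fen, (size_t)(nul - fen) + 1);
    return 1;
}

/* Replaces atoi(inBuf+7): strtol with overflow, trailing-garbage and
 * two-sided range checks.  Stores the value only if s is in [lo, hi]. */
int parse_bounded_long(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;
    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || errno == ERANGE) return 0;
    while (*end == ' ' || *end == '\t' || *end == '\r' || *end == '\n') end++;
    if (*end != '\0' || v < lo || v > hi) return 0;
    *out = v;
    return 1;
}

int main(void)
{
    /* Constructed GUI session: a sane command, an overflowing number and a
     * 900-character line, the case the original loop writes past inBuf on. */
    char filler[901], script[1100], inBuf[IN_BUF_CAP], command[CMD_CAP], fen[128];
    const char *cursor = script;
    long mb;
    int n;

    memset(filler, 'x', 900); filler[900] = '\0';
    snprintf(script, sizeof script, "memory 64\nmemory 99999999999999999999\n%s\nquit\n", filler);
    while ((n = read_line_bounded(from_string, &cursor, inBuf, sizeof inBuf)) != -2) {
        if (n < 0) { puts("line too long, ignored"); continue; }
        if (!extract_command(inBuf, command)) continue;
        if (strcmp(command, "memory") == 0)
            printf("memory %s\n", parse_bounded_long(n > 7 ? inBuf + 7 : "", 1, 65536, &mb)
                                  ? "accepted" : "rejected");
        else
            printf("command: %s\n", command);
    }
    /* placeholder position string, not a real Wa setup */
    printf("fen stored: %d\n", remember_fen("k6/7/7/7/7/7/6K w", fen, sizeof fen));
    return 0;
}
```

Two design points worth keeping when porting this back. The over-long line is dropped whole rather than split, because the original loop would otherwise hand the tail of a 900-character line to the next command parse as if it were a fresh command; and remember_fen refuses instead of truncating, since a shortened position string parses as a different position without any error. The scanf width is derived from the array size by macro stringification so that a later change to command[] cannot silently leave "%79s" behind.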