stdin

Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/extremetuxracer-0.8.0/src/audio.h
Examining data/extremetuxracer-0.8.0/src/gui.cpp
Examining data/extremetuxracer-0.8.0/src/reset.h
Examining data/extremetuxracer-0.8.0/src/states.h
Examining data/extremetuxracer-0.8.0/src/spx.h
Examining data/extremetuxracer-0.8.0/src/textures.h
Examining data/extremetuxracer-0.8.0/src/font.cpp
Examining data/extremetuxracer-0.8.0/src/reset.cpp
Examining data/extremetuxracer-0.8.0/src/quadtree.cpp
Examining data/extremetuxracer-0.8.0/src/loading.cpp
Examining data/extremetuxracer-0.8.0/src/newplayer.h
Examining data/extremetuxracer-0.8.0/src/course.cpp
Examining data/extremetuxracer-0.8.0/src/particles.h
Examining data/extremetuxracer-0.8.0/src/course_render.h
Examining data/extremetuxracer-0.8.0/src/winsys.h
Examining data/extremetuxracer-0.8.0/src/particles.cpp
Examining data/extremetuxracer-0.8.0/src/paused.h
Examining data/extremetuxracer-0.8.0/src/env.cpp
Examining data/extremetuxracer-0.8.0/src/event_select.cpp
Examining data/extremetuxracer-0.8.0/src/racing.h
Examining data/extremetuxracer-0.8.0/src/game_config.cpp
Examining data/extremetuxracer-0.8.0/src/common.h
Examining data/extremetuxracer-0.8.0/src/ogl.cpp
Examining data/extremetuxracer-0.8.0/src/mathlib.h
Examining data/extremetuxracer-0.8.0/src/game_ctrl.cpp
Examining data/extremetuxracer-0.8.0/src/mathlib.cpp
Examining data/extremetuxracer-0.8.0/src/hud.cpp
Examining data/extremetuxracer-0.8.0/src/translation.h
Examining data/extremetuxracer-0.8.0/src/tux.cpp
Examining data/extremetuxracer-0.8.0/src/common.cpp
Examining data/extremetuxracer-0.8.0/src/physics.h
Examining data/extremetuxracer-0.8.0/src/matrices.cpp
Examining data/extremetuxracer-0.8.0/src/bh.h
Examining data/extremetuxracer-0.8.0/src/tool_char.cpp
Examining data/extremetuxracer-0.8.0/src/matrices.h
Examining data/extremetuxracer-0.8.0/src/track_marks.h
Examining data/extremetuxracer-0.8.0/src/quadtree.h
Examining data/extremetuxracer-0.8.0/src/tools.h
Examining data/extremetuxracer-0.8.0/src/credits.h
Examining data/extremetuxracer-0.8.0/src/version.h
Examining data/extremetuxracer-0.8.0/src/tux.h
Examining data/extremetuxracer-0.8.0/src/ogl_test.cpp
Examining data/extremetuxracer-0.8.0/src/race_select.h
Examining data/extremetuxracer-0.8.0/src/help.h
Examining data/extremetuxracer-0.8.0/src/event.cpp
Examining data/extremetuxracer-0.8.0/src/racing.cpp
Examining data/extremetuxracer-0.8.0/src/track_marks.cpp
Examining data/extremetuxracer-0.8.0/src/gui.h
Examining data/extremetuxracer-0.8.0/src/vectors.cpp
Examining data/extremetuxracer-0.8.0/src/ogl_test.h
Examining data/extremetuxracer-0.8.0/src/newplayer.cpp
Examining data/extremetuxracer-0.8.0/src/tool_frame.h
Examining data/extremetuxracer-0.8.0/src/keyframe.h
Examining data/extremetuxracer-0.8.0/src/course_render.cpp
Examining data/extremetuxracer-0.8.0/src/config_screen.h
Examining data/extremetuxracer-0.8.0/src/font.h
Examining data/extremetuxracer-0.8.0/src/ogl.h
Examining data/extremetuxracer-0.8.0/src/config_screen.cpp
Examining data/extremetuxracer-0.8.0/src/regist.h
Examining data/extremetuxracer-0.8.0/src/event.h
Examining data/extremetuxracer-0.8.0/src/intro.cpp
Examining data/extremetuxracer-0.8.0/src/score.cpp
Examining data/extremetuxracer-0.8.0/src/intro.h
Examining data/extremetuxracer-0.8.0/src/tool_char.h
Examining data/extremetuxracer-0.8.0/src/vectors.h
Examining data/extremetuxracer-0.8.0/src/game_type_select.cpp
Examining data/extremetuxracer-0.8.0/src/states.cpp
Examining data/extremetuxracer-0.8.0/src/etr_types.h
Examining data/extremetuxracer-0.8.0/src/env.h
Examining data/extremetuxracer-0.8.0/src/view.cpp
Examining data/extremetuxracer-0.8.0/src/event_select.h
Examining data/extremetuxracer-0.8.0/src/spx.cpp
Examining data/extremetuxracer-0.8.0/src/game_over.cpp
Examining data/extremetuxracer-0.8.0/src/race_select.cpp
Examining data/extremetuxracer-0.8.0/src/tools.cpp
Examining data/extremetuxracer-0.8.0/src/game_over.h
Examining data/extremetuxracer-0.8.0/src/loading.h
Examining data/extremetuxracer-0.8.0/src/tool_frame.cpp
Examining data/extremetuxracer-0.8.0/src/game_type_select.h
Examining data/extremetuxracer-0.8.0/src/winsys.cpp
Examining data/extremetuxracer-0.8.0/src/paused.cpp
Examining data/extremetuxracer-0.8.0/src/physics.cpp
Examining data/extremetuxracer-0.8.0/src/splash_screen.h
Examining data/extremetuxracer-0.8.0/src/regist.cpp
Examining data/extremetuxracer-0.8.0/src/main.cpp
Examining data/extremetuxracer-0.8.0/src/course.h
Examining data/extremetuxracer-0.8.0/src/score.h
Examining data/extremetuxracer-0.8.0/src/view.h
Examining data/extremetuxracer-0.8.0/src/audio.cpp
Examining data/extremetuxracer-0.8.0/src/translation.cpp
Examining data/extremetuxracer-0.8.0/src/help.cpp
Examining data/extremetuxracer-0.8.0/src/game_ctrl.h
Examining data/extremetuxracer-0.8.0/src/game_config.h
Examining data/extremetuxracer-0.8.0/src/textures.cpp
Examining data/extremetuxracer-0.8.0/src/credits.cpp
Examining data/extremetuxracer-0.8.0/src/hud.h
Examining data/extremetuxracer-0.8.0/src/keyframe.cpp
Examining data/extremetuxracer-0.8.0/src/splash_screen.cpp

FINAL RESULTS:

data/extremetuxracer-0.8.0/src/game_config.cpp:287:8:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
		std::strcpy(buff, arg0);
data/extremetuxracer-0.8.0/src/main.cpp:68:7:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	std::srand(std::time(nullptr));
data/extremetuxracer-0.8.0/src/game_config.cpp:281:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buff[256];
data/extremetuxracer-0.8.0/src/quadtree.h:66:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	unsigned char	SubEnabledCount[2];
data/extremetuxracer-0.8.0/src/translation.cpp:250:2:  [2] (buffer) wchar_t:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	wchar_t buf[10] = {0};
data/extremetuxracer-0.8.0/src/translation.cpp:252:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
	char buf2[10] = {0};
data/extremetuxracer-0.8.0/src/view.cpp:318:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static char p_vertex_code[6];
data/extremetuxracer-0.8.0/src/game_config.cpp:288:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		if (std::strlen(buff) > 5) {
data/extremetuxracer-0.8.0/src/game_config.cpp:289:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
			buff[std::strlen(buff)-3] = 0;

ANALYSIS SUMMARY:

Hits = 9
Lines analyzed = 19892 in approximately 0.65 seconds (30553 lines/second)
Physical Source Lines of Code (SLOC) = 14806
Hits@level = [0]   0 [1]   2 [2]   5 [3]   1 [4]   1 [5]   0
Hits@level+ = [0+]   9 [1+]   9 [2+]   7 [3+]   2 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 0.607862 [1+] 0.607862 [2+] 0.472781 [3+] 0.13508 [4+] 0.0675402 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.