Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fairymax-5.0b/fairymax.c
Examining data/fairymax-5.0b/maxqi.c
FINAL RESULTS:
data/fairymax-5.0b/fairymax.c:481:18: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while(fscanf(f, "Game: %s", buf) != 1 && c != EOF)
data/fairymax-5.0b/fairymax.c:486:36: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
if(combo && count == 0) strcpy(selectedFairy, buf);
data/fairymax-5.0b/fairymax.c:487:24: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
if(count++) printf(combo ? " /// " : ",");
data/fairymax-5.0b/fairymax.c:544:23: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while((ptc=fscanf(f, "Game: %s # %s # %s", buf, pieceToChar, parent))==0 || strcmp(name, buf) ) {
data/fairymax-5.0b/fairymax.c:705:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s", command);
data/fairymax-5.0b/fairymax.c:855:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(line+7, "Ini File=%s", filename) == 1) {
data/fairymax-5.0b/fairymax.c:861:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(line+7, "Variant fairy selects=%s", selectedFairy+6) == 1) continue;
data/fairymax-5.0b/fairymax.c:862:7: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if(sscanf(line+7, "Makruk rules=%s", Cambodian) == 1) continue;
data/fairymax-5.0b/fairymax.c:925:25: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "variant %s", command);
data/fairymax-5.0b/maxqi.c:393:18: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while(fscanf(f, "Game: %s", buf) != 1 && c != EOF)
data/fairymax-5.0b/maxqi.c:419:18: [4] (buffer) fscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
while(fscanf(f, "Game: %s", buf)!=1 || strcmp(name, buf) ) {
data/fairymax-5.0b/maxqi.c:537:3: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "%s", command);
data/fairymax-5.0b/maxqi.c:710:25: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
sscanf(line, "variant %s", command);
data/fairymax-5.0b/maxqi.c:353:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(GetTickCount());
data/fairymax-5.0b/fairymax.c:123:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char Cambodian[80] = "makruk";
data/fairymax-5.0b/fairymax.c:129:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char piecename[32], piecetype[32], blacktype[32];
data/fairymax-5.0b/fairymax.c:130:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char selectedFairy[80];
data/fairymax-5.0b/fairymax.c:132:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char info[999], hashfile[256];
data/fairymax-5.0b/fairymax.c:137:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HistoryBoards[1024][STATE], setupPosition[290];
data/fairymax-5.0b/fairymax.c:159:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char pl[32],
data/fairymax-5.0b/fairymax.c:476:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(inifile, "r");
data/fairymax-5.0b/fairymax.c:518:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if(f = fopen(hashfile, "r")) {
data/fairymax-5.0b/fairymax.c:526:42: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int i, j, ptc=0, count=0, step2; char c, buf[80], pieceToChar[200], parent[80];
data/fairymax-5.0b/fairymax.c:530:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(inifile, "r");
data/fairymax-5.0b/fairymax.c:608:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], command[256], c, ff, ft;
data/fairymax-5.0b/fairymax.c:845:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(hashfile, "a"); // add current position to persistent hash
data/fairymax-5.0b/fairymax.c:852:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int i; static char filename[80];
data/fairymax-5.0b/fairymax.c:866:19: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
FILE *f = fopen(hashfile, "a"); // add current position to persistent hash
data/fairymax-5.0b/fairymax.c:958:57: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
line[2] = '0' + atoi(line + 2) + (BH==10); // allow 2-digit rank
data/fairymax-5.0b/maxqi.c:134:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char piecename[32], piecetype[32], defaultchar[]=".PPKNBRQEWFMACHG";
data/fairymax-5.0b/maxqi.c:140:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char HistoryBoards[1024][STATE], setupPosition[129];
data/fairymax-5.0b/maxqi.c:158:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
signed char
data/fairymax-5.0b/maxqi.c:388:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(inifile, "r");
data/fairymax-5.0b/maxqi.c:405:28: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
int i, j, count=0; char c, buf[80];
data/fairymax-5.0b/maxqi.c:409:13: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
f = fopen(inifile, "r");
data/fairymax-5.0b/maxqi.c:461:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char line[256], command[256], c, cc;
data/fairymax-5.0b/fairymax.c:482:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(f)) != EOF && c != '\n');
data/fairymax-5.0b/fairymax.c:546:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(f)) != EOF && c != '\n') *p++ = c;
data/fairymax-5.0b/maxqi.c:394:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(f)) != EOF && c != '\n');
data/fairymax-5.0b/maxqi.c:420:27: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while((c = fgetc(f)) != EOF && c != '\n');
ANALYSIS SUMMARY:
Hits = 40
Lines analyzed = 1814 in approximately 0.10 seconds (18010 lines/second)
Physical Source Lines of Code (SLOC) = 1459
Hits@level = [0] 155 [1] 4 [2] 22 [3] 1 [4] 13 [5] 0
Hits@level+ = [0+] 195 [1+] 40 [2+] 36 [3+] 14 [4+] 13 [5+] 0
Hits/KSLOC@level+ = [0+] 133.653 [1+] 27.416 [2+] 24.6744 [3+] 9.59561 [4+] 8.91021 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.