Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/galois-0.7/src/triangle.h
Examining data/galois-0.7/src/hexagon.cc
Examining data/galois-0.7/src/square.h
Examining data/galois-0.7/src/preferences.h
Examining data/galois-0.7/src/grid.h
Examining data/galois-0.7/src/preferences.cc
Examining data/galois-0.7/src/scores.h
Examining data/galois-0.7/src/cube.h
Examining data/galois-0.7/src/square.cc
Examining data/galois-0.7/src/hexagon.h
Examining data/galois-0.7/src/area.cc
Examining data/galois-0.7/src/scores.cc
Examining data/galois-0.7/src/board.h
Examining data/galois-0.7/src/cube.cc
Examining data/galois-0.7/src/group.h
Examining data/galois-0.7/src/main.cc
Examining data/galois-0.7/src/main.h
Examining data/galois-0.7/src/area.h
Examining data/galois-0.7/src/group.cc
Examining data/galois-0.7/src/board.cc
Examining data/galois-0.7/src/triangle.cc
FINAL RESULTS:
data/galois-0.7/src/board.cc:268:8: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
std::srand(static_cast<unsigned>(timeval.as_double() * G_USEC_PER_SEC));
data/galois-0.7/src/preferences.cc:493:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
geometry_radio[std::atoi(reader->get_value().c_str())].
data/galois-0.7/src/preferences.cc:497:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:500:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width2 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/preferences.cc:506:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
width3 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/preferences.cc:512:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
depth_spin.set_value(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:515:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:518:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:520:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
speed_spin.set_value(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:523:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:526:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:528:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
empty_spin.set_value(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:530:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
next_check.set_active(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:532:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
land_check.set_active(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/scores.cc:464:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.score = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:466:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.lines = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:468:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.level = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:470:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.speed = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:472:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.bmax = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:474:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.bmin = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:476:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.bsuper = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:478:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.geometry = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:480:27: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.reflection = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:482:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.width = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:484:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.depth = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:486:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.mode1 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:488:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.mode2 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:490:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.ispeed = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:492:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.imax = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:494:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.imin = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:496:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.empty = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:498:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.next = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:500:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g.land = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/preferences.cc:385:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/preferences.cc:390:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/preferences.cc:400:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/preferences.cc:405:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/preferences.cc:422:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/preferences.cc:428:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/preferences.cc:458:13: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/preferences.cc:464:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/scores.cc:420:15: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/scores.cc:425:10: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/scores.cc:436:12: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
data/galois-0.7/src/scores.cc:441:14: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
reader->read();
ANALYSIS SUMMARY:
Hits = 45
Lines analyzed = 5305 in approximately 0.17 seconds (31295 lines/second)
Physical Source Lines of Code (SLOC) = 4111
Hits@level = [0] 0 [1] 12 [2] 32 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 45 [2+] 33 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 10.9462 [1+] 10.9462 [2+] 8.02724 [3+] 0.24325 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.