Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/galois-0.7/src/triangle.h
Examining data/galois-0.7/src/hexagon.cc
Examining data/galois-0.7/src/square.h
Examining data/galois-0.7/src/preferences.h
Examining data/galois-0.7/src/grid.h
Examining data/galois-0.7/src/preferences.cc
Examining data/galois-0.7/src/scores.h
Examining data/galois-0.7/src/cube.h
Examining data/galois-0.7/src/square.cc
Examining data/galois-0.7/src/hexagon.h
Examining data/galois-0.7/src/area.cc
Examining data/galois-0.7/src/scores.cc
Examining data/galois-0.7/src/board.h
Examining data/galois-0.7/src/cube.cc
Examining data/galois-0.7/src/group.h
Examining data/galois-0.7/src/main.cc
Examining data/galois-0.7/src/main.h
Examining data/galois-0.7/src/area.h
Examining data/galois-0.7/src/group.cc
Examining data/galois-0.7/src/board.cc
Examining data/galois-0.7/src/triangle.cc

FINAL RESULTS:

data/galois-0.7/src/board.cc:268:8: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  std::srand(static_cast<unsigned>(timeval.as_double() * G_USEC_PER_SEC));
data/galois-0.7/src/preferences.cc:493:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  geometry_radio[std::atoi(reader->get_value().c_str())].
data/galois-0.7/src/preferences.cc:497:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:500:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width2 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/preferences.cc:506:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  width3 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/preferences.cc:512:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  depth_spin.set_value(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:515:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:518:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:520:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  speed_spin.set_value(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:523:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:526:11: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  (std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:528:29: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  empty_spin.set_value(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:530:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  next_check.set_active(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/preferences.cc:532:30: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  land_check.set_active(std::atoi(reader->get_value().c_str()));
data/galois-0.7/src/scores.cc:464:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.score = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:466:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.lines = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:468:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.level = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:470:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.speed = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:472:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.bmax = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:474:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.bmin = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:476:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.bsuper = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:478:25: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.geometry = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:480:27: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.reflection = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:482:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.width = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:484:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.depth = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:486:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.mode1 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:488:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.mode2 = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:490:23: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.ispeed = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:492:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.imax = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:494:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.imin = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:496:22: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.empty = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:498:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.next = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/scores.cc:500:21: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  g.land = std::atoi(reader->get_value().c_str());
data/galois-0.7/src/preferences.cc:385:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/preferences.cc:390:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/preferences.cc:400:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/preferences.cc:405:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/preferences.cc:422:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/preferences.cc:428:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/preferences.cc:458:13: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/preferences.cc:464:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/scores.cc:420:15: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/scores.cc:425:10: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/scores.cc:436:12: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();
data/galois-0.7/src/scores.cc:441:14: [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  reader->read();

ANALYSIS SUMMARY:

Hits = 45
Lines analyzed = 5305 in approximately 0.17 seconds (31295 lines/second)
Physical Source Lines of Code (SLOC) = 4111
Hits@level = [0] 0 [1] 12 [2] 32 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 45 [1+] 45 [2+] 33 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 10.9462 [1+] 10.9462 [2+] 8.02724 [3+] 0.24325 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.