Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glaurung-2.2/src/movegen.cpp
Examining data/glaurung-2.2/src/search.cpp
Examining data/glaurung-2.2/src/psqtab.h
Examining data/glaurung-2.2/src/misc.cpp
Examining data/glaurung-2.2/src/move.h
Examining data/glaurung-2.2/src/bitbase.h
Examining data/glaurung-2.2/src/color.cpp
Examining data/glaurung-2.2/src/thread.h
Examining data/glaurung-2.2/src/pawns.h
Examining data/glaurung-2.2/src/move.cpp
Examining data/glaurung-2.2/src/mersenne.h
Examining data/glaurung-2.2/src/pawns.cpp
Examining data/glaurung-2.2/src/movepick.cpp
Examining data/glaurung-2.2/src/tt.cpp
Examining data/glaurung-2.2/src/san.h
Examining data/glaurung-2.2/src/color.h
Examining data/glaurung-2.2/src/square.cpp
Examining data/glaurung-2.2/src/evaluate.h
Examining data/glaurung-2.2/src/material.cpp
Examining data/glaurung-2.2/src/position.cpp
Examining data/glaurung-2.2/src/position.h
Examining data/glaurung-2.2/src/san.cpp
Examining data/glaurung-2.2/src/square.h
Examining data/glaurung-2.2/src/lock.h
Examining data/glaurung-2.2/src/phase.h
Examining data/glaurung-2.2/src/piece.cpp
Examining data/glaurung-2.2/src/misc.h
Examining data/glaurung-2.2/src/direction.h
Examining data/glaurung-2.2/src/book.cpp
Examining data/glaurung-2.2/src/piece.h
Examining data/glaurung-2.2/src/scale.h
Examining data/glaurung-2.2/src/benchmark.cpp
Examining data/glaurung-2.2/src/endgame.cpp
Examining data/glaurung-2.2/src/history.cpp
Examining data/glaurung-2.2/src/mersenne.cpp
Examining data/glaurung-2.2/src/book.h
Examining data/glaurung-2.2/src/ucioption.h
Examining data/glaurung-2.2/src/uci.cpp
Examining data/glaurung-2.2/src/endgame.h
Examining data/glaurung-2.2/src/value.cpp
Examining data/glaurung-2.2/src/history.h
Examining data/glaurung-2.2/src/tt.h
Examining data/glaurung-2.2/src/depth.h
Examining data/glaurung-2.2/src/value.h
Examining data/glaurung-2.2/src/material.h
Examining data/glaurung-2.2/src/types.h
Examining data/glaurung-2.2/src/benchmark.h
Examining data/glaurung-2.2/src/movepick.h
Examining data/glaurung-2.2/src/movegen.h
Examining data/glaurung-2.2/src/bitboard.h
Examining data/glaurung-2.2/src/bitbase.cpp
Examining data/glaurung-2.2/src/uci.h
Examining data/glaurung-2.2/src/ucioption.cpp
Examining data/glaurung-2.2/src/direction.cpp
Examining data/glaurung-2.2/src/timeoday.cpp
Examining data/glaurung-2.2/src/search.h
Examining data/glaurung-2.2/src/bitboard.cpp
Examining data/glaurung-2.2/src/main.cpp
Examining data/glaurung-2.2/src/evaluate.cpp

FINAL RESULTS:

data/glaurung-2.2/src/ucioption.cpp:244:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
  strcpy(o->currentValue, newValue.c_str());
data/glaurung-2.2/src/lock.h:92:27:  [3] (misc) InitializeCriticalSection:
  Exceptions can be thrown in low-memory situations. Use
  InitializeCriticalSectionAndSpinCount instead.
  # define lock_init(x, y) InitializeCriticalSection(x)
data/glaurung-2.2/src/lock.h:93:24:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
  # define lock_grab(x) EnterCriticalSection(x)
data/glaurung-2.2/src/benchmark.cpp:67:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi(ttSize.c_str());
data/glaurung-2.2/src/benchmark.cpp:73:7:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  i = atoi(threads.c_str());
data/glaurung-2.2/src/book.cpp:362:12:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  void Book::open(const std::string &fName) {
data/glaurung-2.2/src/book.cpp:364:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  bookFile = fopen(fileName.c_str(), "rb");
data/glaurung-2.2/src/book.h:60:8:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  void open(const std::string &fName);
data/glaurung-2.2/src/misc.cpp:59:18:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char monthNames[12][4] = {
data/glaurung-2.2/src/misc.cpp:69:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  day = atoi(dateString+4);
data/glaurung-2.2/src/position.cpp:291:3:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(this, &pos, sizeof(Position));
data/glaurung-2.2/src/san.cpp:179:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char str[10];
data/glaurung-2.2/src/search.cpp:308:19:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  OpeningBook.open("book.bin");
data/glaurung-2.2/src/search.cpp:376:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  LogFile.open(get_option_value_string("Search Log Filename").c_str(),
data/glaurung-2.2/src/search.cpp:2033:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char input[256];
data/glaurung-2.2/src/search.cpp:2035:9:  [2] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused). Risk is low because the source is a constant string.
  strcpy(input, "quit\n");
data/glaurung-2.2/src/search.cpp:2349:5:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(splitPoint->sstack[master], sstck, (ply+1)*sizeof(SearchStack));
data/glaurung-2.2/src/search.cpp:2356:9:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
  memcpy(splitPoint->sstack[i], sstck, (ply+1)*sizeof(SearchStack));
data/glaurung-2.2/src/thread.h:74:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  unsigned char pad[64];
data/glaurung-2.2/src/uci.cpp:343:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  time[0] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:347:21:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  time[1] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:351:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  inc[0] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:355:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  inc[1] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:359:23:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  movesToGo = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:363:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  depth = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:367:19:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  nodes = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:371:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  moveTime = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/ucioption.cpp:54:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char name[50], defaultValue[300], currentValue[300];
data/glaurung-2.2/src/ucioption.cpp:57:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  char comboValues[8][64];
data/glaurung-2.2/src/ucioption.cpp:156:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(o->defaultValue, "%d", Min(cpu_count(), 7));
data/glaurung-2.2/src/ucioption.cpp:157:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(o->currentValue, "%d", Min(cpu_count(), 7));
data/glaurung-2.2/src/ucioption.cpp:165:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(o->defaultValue, "%d", 6);
data/glaurung-2.2/src/ucioption.cpp:166:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(o->defaultValue, "%d", 6);
data/glaurung-2.2/src/ucioption.cpp:209:10:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
  return atoi(o->currentValue);
data/glaurung-2.2/src/book.cpp:566:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  b = fgetc(file);
data/glaurung-2.2/src/san.cpp:192:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int left = 0, right = strlen(str) - 1;
data/glaurung-2.2/src/ucioption.cpp:185:24:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for(int i = 0; strlen(o->comboValues[i]) > 0; i++)

ANALYSIS SUMMARY:

Hits = 37
Lines analyzed = 17215 in approximately 0.44 seconds (39171 lines/second)
Physical Source Lines of Code (SLOC) = 10271
Hits@level = [0]   5 [1]   3 [2]  31 [3]   2 [4]   1 [5]   0
Hits@level+ = [0+]  42 [1+]  37 [2+]  34 [3+]   3 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 4.08918 [1+] 3.60238 [2+] 3.31029 [3+] 0.292085 [4+] 0.0973615 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.
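Two groups of hits above deserve more than a glance: the single [4] hit, strcpy() of newValue into currentValue (a 300-byte char array per the ucioption.cpp:54 hit), and the run of unchecked atoi() calls on uip.get_next_token() in uci.cpp. Both consume text that arrives from the GUI over the UCI protocol, so the length and range limits are the engine's to enforce. The block below is an added example written for this report, not Glaurung's code: it shows the flagged strcpy shape beside a bounded setter that rejects values that will not fit, and a strtoll-based replacement for atoi() with explicit range checks, applied to the numeric fields of a "go" command. The Option and GoParams structs, the limits kMaxMillis, kMaxDepth and kMaxNodes, the keyword list, and the sample lines are assumptions for illustration; only the 300-byte buffer size and the field names time, inc, movesToGo, depth, nodes and moveTime come from the report.

```cpp
// Added example (not Glaurung's code): bounded handling of two UCI inputs
// that Flawfinder flags, an option value copied with strcpy() and numeric
// tokens parsed with atoi(). Struct layout, limits and keywords are assumed.
#include <cerrno>
#include <cstdio>
#include <cstdlib>
#include <cstring>
#include <sstream>
#include <string>

// Mirrors the fixed-size option record flagged at ucioption.cpp:54.
struct Option {
  char name[50];
  char currentValue[300];
};

// Shape of the ucioption.cpp:244 hit, kept only for contrast and never
// called below: a "setoption ... value <text>" line longer than 299 bytes
// writes past the end of currentValue.
void set_option_value_unchecked(Option* o, const std::string& newValue) {
  std::strcpy(o->currentValue, newValue.c_str());
}

// Hardened form: reject (rather than silently truncate) a value that does
// not fit together with its terminator. Returns false when rejected.
bool set_option_value(Option* o, const std::string& newValue) {
  if (newValue.size() >= sizeof(o->currentValue)) return false;
  std::memcpy(o->currentValue, newValue.c_str(), newValue.size() + 1);
  return true;
}

// Replacement for the unchecked atoi() calls: parse a whole token as a
// base-10 integer and require lo <= value <= hi. Rejects empty tokens,
// trailing garbage, and anything that overflows long long (ERANGE).
bool parse_int_token(const std::string& tok, long long lo, long long hi,
                     long long* out) {
  if (tok.empty()) return false;
  errno = 0;
  char* end = nullptr;
  long long v = std::strtoll(tok.c_str(), &end, 10);
  if (errno == ERANGE) return false;
  if (end == tok.c_str() || *end != '\0') return false;
  if (v < lo || v > hi) return false;
  *out = v;
  return true;
}

// Field names follow the uci.cpp hits; the limits are assumed values.
struct GoParams {
  long long time[2] = {0, 0};  // wtime, btime (milliseconds)
  long long inc[2] = {0, 0};   // winc, binc (milliseconds)
  long long movesToGo = 0, depth = 0, nodes = 0, moveTime = 0;
};
const long long kMaxMillis = 100LL * 60 * 60 * 1000;  // 100 hours
const long long kMaxDepth = 100;
const long long kMaxNodes = 1000000000000LL;

// Parse the numeric parameters of a UCI "go" line into bounded fields.
// Any unknown keyword, missing value, or out-of-range number fails the
// whole command; on failure the caller should discard *gp.
bool parse_go(const std::string& line, GoParams* gp) {
  std::istringstream in(line);
  std::string tok;
  if (!(in >> tok) || tok != "go") return false;
  while (in >> tok) {
    if (tok == "infinite" || tok == "ponder") continue;  // valueless flags
    long long* dst = nullptr;
    long long hi = 0;
    if (tok == "wtime")          { dst = &gp->time[0];   hi = kMaxMillis; }
    else if (tok == "btime")     { dst = &gp->time[1];   hi = kMaxMillis; }
    else if (tok == "winc")      { dst = &gp->inc[0];    hi = kMaxMillis; }
    else if (tok == "binc")      { dst = &gp->inc[1];    hi = kMaxMillis; }
    else if (tok == "movestogo") { dst = &gp->movesToGo; hi = 1000; }
    else if (tok == "depth")     { dst = &gp->depth;     hi = kMaxDepth; }
    else if (tok == "nodes")     { dst = &gp->nodes;     hi = kMaxNodes; }
    else if (tok == "movetime")  { dst = &gp->moveTime;  hi = kMaxMillis; }
    else return false;  // unknown keyword: refuse rather than guess
    std::string val;
    if (!(in >> val) || !parse_int_token(val, 0, hi, dst)) return false;
  }
  return true;
}

int main() {
  // Constructed sample inputs, the kind a GUI (or a fuzzer) sends on stdin.
  Option o{};
  std::printf("short value accepted: %d\n", set_option_value(&o, "book.bin"));
  std::printf("300-byte value rejected: %d\n",
              !set_option_value(&o, std::string(300, 'A')));
  GoParams gp;
  std::printf("go line parsed: %d\n",
              parse_go("go wtime 300000 btime 300000 winc 1000 binc 1000", &gp));
  std::printf("overflowing depth rejected: %d\n",
              !parse_go("go depth 99999999999999999999", &gp));
  return 0;
}
```

The design choice worth noting is that both paths fail closed: an oversized option value and a malformed "go" number are refused outright instead of being clipped or wrapped, so the engine never carries a silently altered limit into the search.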