Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/glaurung-2.2/src/movegen.cpp
Examining data/glaurung-2.2/src/search.cpp
Examining data/glaurung-2.2/src/psqtab.h
Examining data/glaurung-2.2/src/misc.cpp
Examining data/glaurung-2.2/src/move.h
Examining data/glaurung-2.2/src/bitbase.h
Examining data/glaurung-2.2/src/color.cpp
Examining data/glaurung-2.2/src/thread.h
Examining data/glaurung-2.2/src/pawns.h
Examining data/glaurung-2.2/src/move.cpp
Examining data/glaurung-2.2/src/mersenne.h
Examining data/glaurung-2.2/src/pawns.cpp
Examining data/glaurung-2.2/src/movepick.cpp
Examining data/glaurung-2.2/src/tt.cpp
Examining data/glaurung-2.2/src/san.h
Examining data/glaurung-2.2/src/color.h
Examining data/glaurung-2.2/src/square.cpp
Examining data/glaurung-2.2/src/evaluate.h
Examining data/glaurung-2.2/src/material.cpp
Examining data/glaurung-2.2/src/position.cpp
Examining data/glaurung-2.2/src/position.h
Examining data/glaurung-2.2/src/san.cpp
Examining data/glaurung-2.2/src/square.h
Examining data/glaurung-2.2/src/lock.h
Examining data/glaurung-2.2/src/phase.h
Examining data/glaurung-2.2/src/piece.cpp
Examining data/glaurung-2.2/src/misc.h
Examining data/glaurung-2.2/src/direction.h
Examining data/glaurung-2.2/src/book.cpp
Examining data/glaurung-2.2/src/piece.h
Examining data/glaurung-2.2/src/scale.h
Examining data/glaurung-2.2/src/benchmark.cpp
Examining data/glaurung-2.2/src/endgame.cpp
Examining data/glaurung-2.2/src/history.cpp
Examining data/glaurung-2.2/src/mersenne.cpp
Examining data/glaurung-2.2/src/book.h
Examining data/glaurung-2.2/src/ucioption.h
Examining data/glaurung-2.2/src/uci.cpp
Examining data/glaurung-2.2/src/endgame.h
Examining data/glaurung-2.2/src/value.cpp
Examining data/glaurung-2.2/src/history.h
Examining data/glaurung-2.2/src/tt.h
Examining data/glaurung-2.2/src/depth.h
Examining data/glaurung-2.2/src/value.h
Examining data/glaurung-2.2/src/material.h
Examining data/glaurung-2.2/src/types.h
Examining data/glaurung-2.2/src/benchmark.h
Examining data/glaurung-2.2/src/movepick.h
Examining data/glaurung-2.2/src/movegen.h
Examining data/glaurung-2.2/src/bitboard.h
Examining data/glaurung-2.2/src/bitbase.cpp
Examining data/glaurung-2.2/src/uci.h
Examining data/glaurung-2.2/src/ucioption.cpp
Examining data/glaurung-2.2/src/direction.cpp
Examining data/glaurung-2.2/src/timeoday.cpp
Examining data/glaurung-2.2/src/search.h
Examining data/glaurung-2.2/src/bitboard.cpp
Examining data/glaurung-2.2/src/main.cpp
Examining data/glaurung-2.2/src/evaluate.cpp
FINAL RESULTS:
data/glaurung-2.2/src/ucioption.cpp:244:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(o->currentValue, newValue.c_str());
data/glaurung-2.2/src/lock.h:92:27: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
# define lock_init(x, y) InitializeCriticalSection(x)
data/glaurung-2.2/src/lock.h:93:24: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
# define lock_grab(x) EnterCriticalSection(x)
data/glaurung-2.2/src/benchmark.cpp:67:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(ttSize.c_str());
data/glaurung-2.2/src/benchmark.cpp:73:7: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
i = atoi(threads.c_str());
data/glaurung-2.2/src/book.cpp:362:12: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void Book::open(const std::string &fName) {
data/glaurung-2.2/src/book.cpp:364:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bookFile = fopen(fileName.c_str(), "rb");
data/glaurung-2.2/src/book.h:60:8: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
void open(const std::string &fName);
data/glaurung-2.2/src/misc.cpp:59:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char monthNames[12][4] = {
data/glaurung-2.2/src/misc.cpp:69:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
day = atoi(dateString+4);
data/glaurung-2.2/src/position.cpp:291:3: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(this, &pos, sizeof(Position));
data/glaurung-2.2/src/san.cpp:179:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char str[10];
data/glaurung-2.2/src/search.cpp:308:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
OpeningBook.open("book.bin");
data/glaurung-2.2/src/search.cpp:376:13: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
LogFile.open(get_option_value_string("Search Log Filename").c_str(),
data/glaurung-2.2/src/search.cpp:2033:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char input[256];
data/glaurung-2.2/src/search.cpp:2035:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(input, "quit\n");
data/glaurung-2.2/src/search.cpp:2349:5: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(splitPoint->sstack[master], sstck, (ply+1)*sizeof(SearchStack));
data/glaurung-2.2/src/search.cpp:2356:9: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy(splitPoint->sstack[i], sstck, (ply+1)*sizeof(SearchStack));
data/glaurung-2.2/src/thread.h:74:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char pad[64];
data/glaurung-2.2/src/uci.cpp:343:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time[0] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:347:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
time[1] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:351:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inc[0] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:355:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
inc[1] = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:359:23: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
movesToGo = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:363:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
depth = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:367:19: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
nodes = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/uci.cpp:371:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
moveTime = atoi(uip.get_next_token().c_str());
data/glaurung-2.2/src/ucioption.cpp:54:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[50], defaultValue[300], currentValue[300];
data/glaurung-2.2/src/ucioption.cpp:57:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comboValues[8][64];
data/glaurung-2.2/src/ucioption.cpp:156:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(o->defaultValue, "%d", Min(cpu_count(), 7));
data/glaurung-2.2/src/ucioption.cpp:157:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(o->currentValue, "%d", Min(cpu_count(), 7));
data/glaurung-2.2/src/ucioption.cpp:165:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(o->defaultValue, "%d", 6);
data/glaurung-2.2/src/ucioption.cpp:166:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(o->defaultValue, "%d", 6);
data/glaurung-2.2/src/ucioption.cpp:209:10: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(o->currentValue);
data/glaurung-2.2/src/book.cpp:566:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = fgetc(file);
data/glaurung-2.2/src/san.cpp:192:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
int left = 0, right = strlen(str) - 1;
data/glaurung-2.2/src/ucioption.cpp:185:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for(int i = 0; strlen(o->comboValues[i]) > 0; i++)
ANALYSIS SUMMARY:
Hits = 37
Lines analyzed = 17215 in approximately 0.44 seconds (39171 lines/second)
Physical Source Lines of Code (SLOC) = 10271
Hits@level = [0] 5 [1] 3 [2] 31 [3] 2 [4] 1 [5] 0
Hits@level+ = [0+] 42 [1+] 37 [2+] 34 [3+] 3 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 4.08918 [1+] 3.60238 [2+] 3.31029 [3+] 0.292085 [4+] 0.0973615 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.