Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gridlock.app-1.10/MyWindow.h Examining data/gridlock.app-1.10/AbstractLineGame.h Examining data/gridlock.app-1.10/AccessorMacros.h Examining data/gridlock.app-1.10/AppController.h Examining data/gridlock.app-1.10/AtaxxAI.h Examining data/gridlock.app-1.10/AtaxxGame.h Examining data/gridlock.app-1.10/AtaxxViewDelegate.h Examining data/gridlock.app-1.10/BreakthroughAI.h Examining data/gridlock.app-1.10/CocoaAdditions.h Examining data/gridlock.app-1.10/ConnectFourAI.h Examining data/gridlock.app-1.10/ConnectFourGame.h Examining data/gridlock.app-1.10/DCHypergrid.h Examining data/gridlock.app-1.10/DCHypergridPositionEnumerator.h Examining data/gridlock.app-1.10/DCHypergridPosition.h Examining data/gridlock.app-1.10/GameController.h Examining data/gridlock.app-1.10/GenericAI.h Examining data/gridlock.app-1.10/GlassBeadGame.h Examining data/gridlock.app-1.10/GlassBeadViewDelegate.h Examining data/gridlock.app-1.10/GomokuAI.h Examining data/gridlock.app-1.10/GomokuGame.h Examining data/gridlock.app-1.10/hypergrid.h Examining data/gridlock.app-1.10/ImageStore.h Examining data/gridlock.app-1.10/Preferences.h Examining data/gridlock.app-1.10/PlayerTurnIndicatorView.h Examining data/gridlock.app-1.10/PrefsWindowController.h Examining data/gridlock.app-1.10/ReversiAI.h Examining data/gridlock.app-1.10/ReversiGame.h Examining data/gridlock.app-1.10/hypergrid.c Examining data/gridlock.app-1.10/DiagonalsGame.h Examining data/gridlock.app-1.10/FiancoAI.h Examining data/gridlock.app-1.10/CheckersAI.h Examining data/gridlock.app-1.10/CheckersGame.h Examining data/gridlock.app-1.10/CheckersViewDelegate.h Examining data/gridlock.app-1.10/ClientController.h Examining data/gridlock.app-1.10/EDCommonDefines.h Examining data/gridlock.app-1.10/EDIPSocket.h Examining data/gridlock.app-1.10/EDTCPSocket.h Examining data/gridlock.app-1.10/GameConfiguration.h Examining data/gridlock.app-1.10/GameHistory.h Examining data/gridlock.app-1.10/GridlockGameState.h Examining data/gridlock.app-1.10/LifeAI.h Examining data/gridlock.app-1.10/LifeGame.h Examining data/gridlock.app-1.10/NSFileHandle+Extensions.h Examining data/gridlock.app-1.10/RendezvousUtils.h Examining data/gridlock.app-1.10/ServerController.h Examining data/gridlock.app-1.10/functions.h Examining data/gridlock.app-1.10/CatsAndDogsAI.h Examining data/gridlock.app-1.10/FiancoGame.h Examining data/gridlock.app-1.10/CatsAndDogsGame.h Examining data/gridlock.app-1.10/QuadWrangleGame.h Examining data/gridlock.app-1.10/AutoplayController.h Examining data/gridlock.app-1.10/GravityAI.h Examining data/gridlock.app-1.10/GravityGame.h Examining data/gridlock.app-1.10/GravityViewDelegate.h Examining data/gridlock.app-1.10/CatsAndDogsViewDelegate.h Examining data/gridlock.app-1.10/ZoneshAI.h Examining data/gridlock.app-1.10/ZoneshGame.h Examining data/gridlock.app-1.10/ZoneshViewDelegate.h Examining data/gridlock.app-1.10/HexapawnAI.h Examining data/gridlock.app-1.10/HexapawnGame.h Examining data/gridlock.app-1.10/MorayEelsGame.h Examining data/gridlock.app-1.10/AnyDirectionUntilBlockedMoveRule.h Examining data/gridlock.app-1.10/AtomicAI.h Examining data/gridlock.app-1.10/AtomicGame.h Examining data/gridlock.app-1.10/AtomicViewDelegate.h Examining data/gridlock.app-1.10/BombardmentAI.h Examining data/gridlock.app-1.10/BombardmentGame.h Examining data/gridlock.app-1.10/DaggerAI.h Examining data/gridlock.app-1.10/DaggerGame.h Examining data/gridlock.app-1.10/FissionAI.h Examining data/gridlock.app-1.10/FissionGame.h Examining data/gridlock.app-1.10/FiveFieldKonoAI.h Examining data/gridlock.app-1.10/FiveFieldKonoGame.h Examining data/gridlock.app-1.10/OrthokonGame.h Examining data/gridlock.app-1.10/PhotonicAttackGame.h Examining data/gridlock.app-1.10/ReactorGame.h Examining data/gridlock.app-1.10/ReactorViewDelegate.h Examining data/gridlock.app-1.10/TourneyAI.h Examining data/gridlock.app-1.10/TourneyGame.h Examining data/gridlock.app-1.10/WallGameViewDelegate.h Examining data/gridlock.app-1.10/AmbivalenceGame.h Examining data/gridlock.app-1.10/DominionGame.h Examining data/gridlock.app-1.10/FusionGame.h Examining data/gridlock.app-1.10/SabotageAI.h Examining data/gridlock.app-1.10/SabotageGame.h Examining data/gridlock.app-1.10/SabotageViewDelegate.h Examining data/gridlock.app-1.10/ThinkAheadAI.h Examining data/gridlock.app-1.10/ThinkAheadGame.h Examining data/gridlock.app-1.10/ThinkAheadViewDelegate.h Examining data/gridlock.app-1.10/TongaGame.h Examining data/gridlock.app-1.10/osdep.h Examining data/gridlock.app-1.10/EDObjcRuntime.h Examining data/gridlock.app-1.10/BoardView.h Examining data/gridlock.app-1.10/Game.h Examining data/gridlock.app-1.10/NSObject+Extensions.h Examining data/gridlock.app-1.10/NetConnection.h Examining data/gridlock.app-1.10/EDSocket.h FINAL RESULTS: data/gridlock.app-1.10/osdep.h:222:16: [4] (shell) system: This causes a new program to execute and is difficult to use safely (CWE-78). try using a library call that implements the same functionality if available. #error Unknown system! data/gridlock.app-1.10/osdep.h:112:9: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define random() rand() data/gridlock.app-1.10/osdep.h:113:9: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom(seed) srand(seed) data/gridlock.app-1.10/osdep.h:113:23: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. #define srandom(seed) srand(seed) data/gridlock.app-1.10/hypergrid.c:33:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(copy->grid_data, srcgrid->grid_data, srcgrid->num_cells*sizeof(gridvalue_t)); data/gridlock.app-1.10/hypergrid.c:50:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(array, coords, len*sizeof(int)); ANALYSIS SUMMARY: Hits = 6 Lines analyzed = 3791 in approximately 0.28 seconds (13709 lines/second) Physical Source Lines of Code (SLOC) = 1724 Hits@level = [0] 3 [1] 0 [2] 2 [3] 3 [4] 1 [5] 0 Hits@level+ = [0+] 9 [1+] 6 [2+] 6 [3+] 4 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 5.22042 [1+] 3.48028 [2+] 3.48028 [3+] 2.32019 [4+] 0.580046 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.