Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gweled-0.9.1/src/sge_utils.h
Examining data/gweled-0.9.1/src/sge_core.h
Examining data/gweled-0.9.1/src/sge_core.c
Examining data/gweled-0.9.1/src/sound.h
Examining data/gweled-0.9.1/src/main.h
Examining data/gweled-0.9.1/src/graphic_engine.h
Examining data/gweled-0.9.1/src/graphic_engine.c
Examining data/gweled-0.9.1/src/games-setgid-io.h
Examining data/gweled-0.9.1/src/games-setgid-io.c
Examining data/gweled-0.9.1/src/games-scores-dialog-private.h
Examining data/gweled-0.9.1/src/games-scores-dialog.h
Examining data/gweled-0.9.1/src/games-scores-dialog.c
Examining data/gweled-0.9.1/src/games-scores-backend.h
Examining data/gweled-0.9.1/src/games-scores-backend.c
Examining data/gweled-0.9.1/src/games-scores.h
Examining data/gweled-0.9.1/src/games-scores.c
Examining data/gweled-0.9.1/src/games-score.h
Examining data/gweled-0.9.1/src/callbacks.c
Examining data/gweled-0.9.1/src/board_engine.h
Examining data/gweled-0.9.1/src/main.c
Examining data/gweled-0.9.1/src/sound.c
Examining data/gweled-0.9.1/src/games-score.c
Examining data/gweled-0.9.1/src/sge_utils.c
Examining data/gweled-0.9.1/src/board_engine.c

FINAL RESULTS:

data/gweled-0.9.1/src/main.c:93:6:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
	    fprintf(configfile, configstr, NULL);
data/gweled-0.9.1/src/board_engine.c:140:13:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	i = (gint) g_rand_int_range (g_random_generator, 0, 2);
data/gweled-0.9.1/src/board_engine.c:144:10:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		return g_rand_int_range (g_random_generator, 0, 2) ? min_index : previous_min_index;
data/gweled-0.9.1/src/board_engine.c:146:31:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		return (max_index + (gchar) g_rand_int_range (g_random_generator, 1, 7)) % 7;
data/gweled-0.9.1/src/board_engine.c:316:24:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		i_total_score = 10 * g_rand_int_range (g_random_generator, 1, 2);
data/gweled-0.9.1/src/board_engine.c:391:18:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		alignment->x = g_rand_int_range (g_random_generator, 0, 7);
data/gweled-0.9.1/src/board_engine.c:392:18:  [3] (random) g_rand_int_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
		alignment->y = g_rand_int_range (g_random_generator, 0, 7);
data/gweled-0.9.1/src/sge_core.c:627:15:  [3] (random) g_rand_double_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
	object->vx = g_rand_double_range (g_rand_generator, -1.0, 1.0);
data/gweled-0.9.1/src/sge_core.c:628:18:  [3] (random) g_rand_double_range:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
    object->vy = g_rand_double_range (g_rand_generator, 0.0, 1.0);
data/gweled-0.9.1/src/board_engine.c:94:10:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
unsigned char gpc_bit_n[8] = { 0x01, 0x02, 0x04, 0x08, 0x10, 0x20, 0x40, 0x80 };
data/gweled-0.9.1/src/games-setgid-io.c:215:11:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  newfd = open (path, flags);
data/gweled-0.9.1/src/graphic_engine.c:45:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
signed char gpc_font_glyphs[256];
data/gweled-0.9.1/src/main.c:90:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
	configfile = fopen(filename, "w");
data/gweled-0.9.1/src/main.c:157:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stream = fopen(filename, "w");
data/gweled-0.9.1/src/main.c:175:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
    stream = fopen(filename, "r");
data/gweled-0.9.1/src/board_engine.c:329:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		xsize = strlen (buffer) * FONT_WIDTH;
data/gweled-0.9.1/src/board_engine.c:331:19:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
		for (i = 0; i < strlen (buffer); i++) {
data/gweled-0.9.1/src/games-scores-backend.c:308:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    setgid_io_write (self->priv->fd, buffer, strlen (buffer));
data/gweled-0.9.1/src/games-scores-backend.c:309:22:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
    output_length += strlen (buffer);
data/gweled-0.9.1/src/games-setgid-io.c:131:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    cnt = read (fd, buffer + totalcnt, n);
data/gweled-0.9.1/src/games-setgid-io.c:191:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (path) + 1;
data/gweled-0.9.1/src/games-setgid-io.c:277:12:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
  result = read (fd, buffer, n);
data/gweled-0.9.1/src/games-setgid-io.c:416:12:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = strlen (filename) + 1;
data/gweled-0.9.1/src/games-setgid-io.c:482:11:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
    cnt = read (infd, &command, 1);
data/gweled-0.9.1/src/graphic_engine.c:217:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen (message); i++)
data/gweled-0.9.1/src/graphic_engine.c:229:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msg_w = FONT_WIDTH * strlen (in_message);
data/gweled-0.9.1/src/graphic_engine.c:243:23:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	msg_w = FONT_WIDTH * strlen (in_message);
data/gweled-0.9.1/src/graphic_engine.c:249:18:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
	for (i = 0; i < strlen (message); i++)

ANALYSIS SUMMARY:

Hits = 28
Lines analyzed = 6076 in approximately 0.18 seconds (34214 lines/second)
Physical Source Lines of Code (SLOC) = 4170
Hits@level = [0]   1 [1]  13 [2]   6 [3]   8 [4]   1 [5]   0
Hits@level+ = [0+]  29 [1+]  28 [2+]  15 [3+]   9 [4+]   1 [5+]   0
Hits/KSLOC@level+ = [0+] 6.95444 [1+] 6.71463 [2+] 3.59712 [3+] 2.15827 [4+] 0.239808 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.