Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/rubiks-20070912/dietz/cu2/config.h Examining data/rubiks-20070912/dietz/cu2/cu2.cpp Examining data/rubiks-20070912/dietz/cu2/cu2.h Examining data/rubiks-20070912/dietz/cu2/main.cpp Examining data/rubiks-20070912/dietz/mcube/config.h Examining data/rubiks-20070912/dietz/mcube/main.cpp Examining data/rubiks-20070912/dietz/mcube/mcube.cpp Examining data/rubiks-20070912/dietz/mcube/mcube.h Examining data/rubiks-20070912/dietz/solver/cubex.cpp Examining data/rubiks-20070912/dietz/solver/cubex.h Examining data/rubiks-20070912/dietz/solver/loadsave.cpp Examining data/rubiks-20070912/dietz/solver/main.cpp Examining data/rubiks-20070912/dietz/solver/loadsave.h Examining data/rubiks-20070912/dik/cube.c Examining data/rubiks-20070912/dik/globals.c Examining data/rubiks-20070912/dik/globals.h Examining data/rubiks-20070912/dik/longtype.h Examining data/rubiks-20070912/dik/permcube.c Examining data/rubiks-20070912/dik/phase1.c Examining data/rubiks-20070912/dik/phase2.c Examining data/rubiks-20070912/dik/prntsol.c Examining data/rubiks-20070912/dik/setcube.c Examining data/rubiks-20070912/dik/size222.c Examining data/rubiks-20070912/dik/size333c.c Examining data/rubiks-20070912/dik/sizedom.c Examining data/rubiks-20070912/dik/sizekoc1.c Examining data/rubiks-20070912/dik/sizekoc2.c Examining data/rubiks-20070912/dik/sizesquare.c Examining data/rubiks-20070912/dik/trans/choice.c Examining data/rubiks-20070912/dik/trans/cperm.c Examining data/rubiks-20070912/dik/trans/eperm.c Examining data/rubiks-20070912/dik/trans/flip.c Examining data/rubiks-20070912/dik/trans/sperm.c Examining data/rubiks-20070912/dik/trans/twist.c Examining data/rubiks-20070912/dik/rancube.c Examining data/rubiks-20070912/reid/optimal.c Examining data/rubiks-20070912/reid/twist.c FINAL RESULTS: data/rubiks-20070912/dietz/cu2/main.cpp:286:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); // UNremark upon completion data/rubiks-20070912/dietz/mcube/main.cpp:294:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); // UNremark upon completion data/rubiks-20070912/dietz/solver/main.cpp:113:3: [3] (random) srand: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srand(time(NULL)); data/rubiks-20070912/dik/rancube.c:9:5: [3] (random) srandom: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. srandom((long)time((time_t *)NULL)); data/rubiks-20070912/dik/rancube.c:12:7: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. k = random(); data/rubiks-20070912/dietz/cu2/main.cpp:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char coltochar[7]; data/rubiks-20070912/dietz/mcube/main.cpp:26:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char coltochar[7]; data/rubiks-20070912/dik/globals.c:3:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char U[3][3], D[3][3], R[3][3], L[3][3], F[3][3], B[3][3]; data/rubiks-20070912/dik/globals.c:4:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char cube[3][3][3][2]; /* resp coordinates and number/twist */ data/rubiks-20070912/dik/globals.c:5:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char tcube[3][3][3]; /* after phase 1 */ data/rubiks-20070912/dik/globals.c:6:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char moves[MAX_MOVES]; data/rubiks-20070912/dik/globals.h:5:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char U[3][3], D[3][3], L[3][3], R[3][3], F[3][3], B[3][3]; data/rubiks-20070912/dik/globals.h:6:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char cube[3][3][3][2]; data/rubiks-20070912/dik/globals.h:7:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char tcube[3][3][3]; data/rubiks-20070912/dik/globals.h:8:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char moves[MAX_MOVES]; data/rubiks-20070912/dik/setcube.c:3:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char corners[8][3][3] = { data/rubiks-20070912/dik/setcube.c:13:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char edges[12][2][2] = { data/rubiks-20070912/dik/setcube.c:67:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char corner[3], edge[2]; data/rubiks-20070912/dik/trans/choice.c:8:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char choices_weights[CHOICE_MAGIC]; data/rubiks-20070912/dik/trans/choice.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char choices_rotate[MAX_CHOICES][MI]; data/rubiks-20070912/dik/trans/cperm.c:8:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cperms_weights[CPERM_MAGIC]; data/rubiks-20070912/dik/trans/cperm.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char cperms_rotate[MAX_CPERMS][MI]; data/rubiks-20070912/dik/trans/eperm.c:8:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char eperms_weights[EPERM_MAGIC]; data/rubiks-20070912/dik/trans/eperm.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char eperms_rotate[MAX_EPERMS][MI]; data/rubiks-20070912/dik/trans/flip.c:8:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char flips_weights[FLIP_MAGIC]; data/rubiks-20070912/dik/trans/flip.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char flips_rotate[MAX_FLIPS][MI]; data/rubiks-20070912/dik/trans/sperm.c:8:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sperms_weights[SPERM_MAGIC]; data/rubiks-20070912/dik/trans/sperm.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char sperms_rotate[MAX_SPERMS][MI]; data/rubiks-20070912/dik/trans/twist.c:8:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char twists_weights[TWIST_MAGIC]; data/rubiks-20070912/dik/trans/twist.c:12:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char twists_rotate[MAX_TWISTS][MI]; data/rubiks-20070912/reid/optimal.c:264:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *sym_x_invsym_to_sym[N_SYM]; data/rubiks-20070912/reid/optimal.c:266:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *invsym_on_twist_ud[N_SYM]; data/rubiks-20070912/reid/optimal.c:267:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *invsym_on_twist_rl[N_SYM]; data/rubiks-20070912/reid/optimal.c:268:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *invsym_on_twist_fb[N_SYM]; data/rubiks-20070912/reid/optimal.c:277:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *twist_x_edge_to_sym[N_TWIST]; data/rubiks-20070912/reid/optimal.c:284:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static unsigned char *distance[N_CORNER]; data/rubiks-20070912/reid/optimal.c:841:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char (*mem_ptr)[N_SYM]; data/rubiks-20070912/reid/optimal.c:850:19: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (unsigned char (*)[N_SYM])malloc(sizeof(unsigned char [N_SYM][N_SYM])); data/rubiks-20070912/reid/optimal.c:949:10: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char (*mem_ptr)[N_SYM][N_TWIST]; data/rubiks-20070912/reid/optimal.c:957:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. mem_ptr = (unsigned char (*)[N_SYM][N_TWIST]) data/rubiks-20070912/reid/optimal.c:2808:29: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. fulledge_to_sym = (unsigned char *)malloc(sizeof(unsigned char [N_FULLEDGE])); data/rubiks-20070912/reid/optimal.c:2895:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. (unsigned char *)malloc(sizeof(unsigned char [N_TWIST][N_EDGEQUOT])); data/rubiks-20070912/reid/optimal.c:3433:25: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. distance[0] = (unsigned char *)malloc(sizeof(unsigned char [N_DIST_CHARS])); data/rubiks-20070912/reid/optimal.c:3539:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char edge_str[12][3], corner_str[8][4]; data/rubiks-20070912/reid/optimal.c:3671:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line_str[256]; data/rubiks-20070912/reid/twist.c:523:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char line_str[2][MAX_INPUT_LENGTH], tw_str[3]; data/rubiks-20070912/dietz/cu2/main.cpp:82:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(stdin); data/rubiks-20070912/dietz/cu2/main.cpp:356:3: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(stdin); data/rubiks-20070912/dietz/mcube/main.cpp:82:5: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(stdin); data/rubiks-20070912/dietz/mcube/main.cpp:368:3: [1] (buffer) fgetc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). fgetc(stdin); data/rubiks-20070912/dik/cube.c:178:16: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = getchar()) != EOF) { data/rubiks-20070912/dik/cube.c:273:16: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while((c = getchar()) != '\n') { data/rubiks-20070912/dik/cube.c:288:6: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). n = getchar(); data/rubiks-20070912/reid/optimal.c:3546:5: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. if (sscanf(string, "%2s %2s %2s %2s %2s %2s %2s %2s %2s %2s %2s %2s %3s %3s %3s %3s %3s %3s %3s %3s", data/rubiks-20070912/reid/twist.c:539:13: [1] (buffer) sscanf: It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function. num = sscanf(line_str[ii], "%2s%[^\n]", tw_str, line_str[1 - ii]); ANALYSIS SUMMARY: Hits = 55 Lines analyzed = 17461 in approximately 0.54 seconds (32341 lines/second) Physical Source Lines of Code (SLOC) = 14659 Hits@level = [0] 372 [1] 9 [2] 41 [3] 5 [4] 0 [5] 0 Hits@level+ = [0+] 427 [1+] 55 [2+] 46 [3+] 5 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 29.1289 [1+] 3.75196 [2+] 3.138 [3+] 0.341087 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.