Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/toga2-3.0.0.1SE1/src/vector.h
Examining data/toga2-3.0.0.1SE1/src/option.h
Examining data/toga2-3.0.0.1SE1/src/move_legal.h
Examining data/toga2-3.0.0.1SE1/src/square.h
Examining data/toga2-3.0.0.1SE1/src/board.h
Examining data/toga2-3.0.0.1SE1/src/pst.cpp
Examining data/toga2-3.0.0.1SE1/src/fen.h
Examining data/toga2-3.0.0.1SE1/src/list.cpp
Examining data/toga2-3.0.0.1SE1/src/value.cpp
Examining data/toga2-3.0.0.1SE1/src/move_do.cpp
Examining data/toga2-3.0.0.1SE1/src/piece.h
Examining data/toga2-3.0.0.1SE1/src/color.h
Examining data/toga2-3.0.0.1SE1/src/move_gen.h
Examining data/toga2-3.0.0.1SE1/src/search.h
Examining data/toga2-3.0.0.1SE1/src/main.h
Examining data/toga2-3.0.0.1SE1/src/probe.cpp
Examining data/toga2-3.0.0.1SE1/src/util.h
Examining data/toga2-3.0.0.1SE1/src/square.cpp
Examining data/toga2-3.0.0.1SE1/src/util.cpp
Examining data/toga2-3.0.0.1SE1/src/move_evasion.h
Examining data/toga2-3.0.0.1SE1/src/move_check.h
Examining data/toga2-3.0.0.1SE1/src/attack.cpp
Examining data/toga2-3.0.0.1SE1/src/random.cpp
Examining data/toga2-3.0.0.1SE1/src/protocol.h
Examining data/toga2-3.0.0.1SE1/src/pawn.cpp
Examining data/toga2-3.0.0.1SE1/src/trans.cpp
Examining data/toga2-3.0.0.1SE1/src/list.h
Examining data/toga2-3.0.0.1SE1/src/material.h
Examining data/toga2-3.0.0.1SE1/src/move_do.h
Examining data/toga2-3.0.0.1SE1/src/board.cpp
Examining data/toga2-3.0.0.1SE1/src/hash.h
Examining data/toga2-3.0.0.1SE1/src/move_evasion.cpp
Examining data/toga2-3.0.0.1SE1/src/recog.cpp
Examining data/toga2-3.0.0.1SE1/src/eval.h
Examining data/toga2-3.0.0.1SE1/src/search_full.h
Examining data/toga2-3.0.0.1SE1/src/pv.h
Examining data/toga2-3.0.0.1SE1/src/move_gen.cpp
Examining data/toga2-3.0.0.1SE1/src/search.cpp
Examining data/toga2-3.0.0.1SE1/src/piece.cpp
Examining data/toga2-3.0.0.1SE1/src/pv.cpp
Examining data/toga2-3.0.0.1SE1/src/book.cpp
Examining data/toga2-3.0.0.1SE1/src/attack.h
Examining data/toga2-3.0.0.1SE1/src/colour.h
Examining data/toga2-3.0.0.1SE1/src/hash.cpp
Examining data/toga2-3.0.0.1SE1/src/sort.cpp
Examining data/toga2-3.0.0.1SE1/src/pawn.h
Examining data/toga2-3.0.0.1SE1/src/pst.h
Examining data/toga2-3.0.0.1SE1/src/posix.h
Examining data/toga2-3.0.0.1SE1/src/see.h
Examining data/toga2-3.0.0.1SE1/src/fen.cpp
Examining data/toga2-3.0.0.1SE1/src/posix.cpp
Examining data/toga2-3.0.0.1SE1/src/move_check.cpp
Examining data/toga2-3.0.0.1SE1/src/see.cpp
Examining data/toga2-3.0.0.1SE1/src/vector.cpp
Examining data/toga2-3.0.0.1SE1/src/values.h
Examining data/toga2-3.0.0.1SE1/src/random.h
Examining data/toga2-3.0.0.1SE1/src/recog.h
Examining data/toga2-3.0.0.1SE1/src/move.h
Examining data/toga2-3.0.0.1SE1/src/book.h
Examining data/toga2-3.0.0.1SE1/src/move.cpp
Examining data/toga2-3.0.0.1SE1/src/material.cpp
Examining data/toga2-3.0.0.1SE1/src/trans.h
Examining data/toga2-3.0.0.1SE1/src/eval.cpp
Examining data/toga2-3.0.0.1SE1/src/search_full.cpp
Examining data/toga2-3.0.0.1SE1/src/probe.h
Examining data/toga2-3.0.0.1SE1/src/move_legal.cpp
Examining data/toga2-3.0.0.1SE1/src/sort.h
Examining data/toga2-3.0.0.1SE1/src/value.h
Examining data/toga2-3.0.0.1SE1/src/main.cpp
Examining data/toga2-3.0.0.1SE1/src/option.cpp
Examining data/toga2-3.0.0.1SE1/src/protocol.cpp
FINAL RESULTS:
data/toga2-3.0.0.1SE1/src/move.cpp:127:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(string,NullMoveString);
data/toga2-3.0.0.1SE1/src/probe.cpp:54:2: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(path,main_path);
data/toga2-3.0.0.1SE1/src/probe.cpp:55:2: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(path,EGBB_NAME);
data/toga2-3.0.0.1SE1/src/protocol.cpp:714:4: [4] (format) vsprintf:
Potential format string problem (CWE-134). Make format string constant.
vsprintf(string,format,arg_list);
data/toga2-3.0.0.1SE1/src/search.cpp:612:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_multipv[SearchCurrent[ThreadId]->multipv].pv_string,pv_string);
data/toga2-3.0.0.1SE1/src/search.cpp:631:7: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_multipv[z].pv_string,save_multipv[z-1].pv_string);
data/toga2-3.0.0.1SE1/src/search.cpp:640:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_multipv[i].pv_string,pv_string);
data/toga2-3.0.0.1SE1/src/search.cpp:650:6: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(save_multipv[SearchCurrent[ThreadId]->multipv].pv_string,pv_string);
data/toga2-3.0.0.1SE1/src/util.cpp:54:4: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
sscanf(string,S64_FORMAT,&n);
data/toga2-3.0.0.1SE1/src/util.cpp:98:4: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr,format,ap);
data/toga2-3.0.0.1SE1/src/util.cpp:170:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(address,string);
data/toga2-3.0.0.1SE1/src/probe.cpp:38:12: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
#define LoadLibrary(x) dlopen(x,RTLD_LAZY)
data/toga2-3.0.0.1SE1/src/probe.cpp:58:12: [3] (misc) LoadLibrary:
Ensure that the full path to the library is specified, or current directory
may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
find library path, if you aren't already.
if(hmod = LoadLibrary(path)) {
data/toga2-3.0.0.1SE1/src/protocol.cpp:134:4: [3] (misc) InitializeCriticalSection:
Exceptions can be thrown in low-memory situations. Use
InitializeCriticalSectionAndSpinCount instead.
InitializeCriticalSection(&CriticalSection);
data/toga2-3.0.0.1SE1/src/search.cpp:578:4: [3] (misc) EnterCriticalSection:
On some versions of Windows, exceptions can be thrown in low-memory
situations. Use InitializeCriticalSectionAndSpinCount instead.
EnterCriticalSection(&CriticalSection);
data/toga2-3.0.0.1SE1/src/util.cpp:32:4: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(time(NULL));
data/toga2-3.0.0.1SE1/src/book.cpp:55:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
BookFile = fopen(file_name,"rb");
data/toga2-3.0.0.1SE1/src/fen.cpp:181:20: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
board->ply_nb = atoi(&fen[pos]);
data/toga2-3.0.0.1SE1/src/fen.cpp:274:4: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(&fen[pos],"%d 1",board->ply_nb);
data/toga2-3.0.0.1SE1/src/main.h:10:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char file_name[256];
data/toga2-3.0.0.1SE1/src/move.cpp:151:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char tmp_string[3];
data/toga2-3.0.0.1SE1/src/option.cpp:180:11: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
return atoi(val);
data/toga2-3.0.0.1SE1/src/pawn.cpp:308:49: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
bool backward, candidate, doubled, isolated, open, passed;
data/toga2-3.0.0.1SE1/src/pawn.cpp:486:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open) {
data/toga2-3.0.0.1SE1/src/pawn.cpp:496:17: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if (open) {
data/toga2-3.0.0.1SE1/src/piece.cpp:25:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char PieceString[12+1] = "PpNnBbRrQqKk";
data/toga2-3.0.0.1SE1/src/probe.cpp:52:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char path[256];
data/toga2-3.0.0.1SE1/src/protocol.cpp:153:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[65536];
data/toga2-3.0.0.1SE1/src/protocol.cpp:322:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
binc = double(atoi(ptr)) / 1000.0;
data/toga2-3.0.0.1SE1/src/protocol.cpp:330:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
btime = double(atoi(ptr)) / 1000.0;
data/toga2-3.0.0.1SE1/src/protocol.cpp:338:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
depth = atoi(ptr);
data/toga2-3.0.0.1SE1/src/protocol.cpp:350:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
mate = atoi(ptr);
data/toga2-3.0.0.1SE1/src/protocol.cpp:358:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
movestogo = atoi(ptr);
data/toga2-3.0.0.1SE1/src/protocol.cpp:366:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
movetime = double(atoi(ptr)) / 1000.0;
data/toga2-3.0.0.1SE1/src/protocol.cpp:390:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
winc = double(atoi(ptr)) / 1000.0;
data/toga2-3.0.0.1SE1/src/protocol.cpp:398:25: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
wtime = double(atoi(ptr)) / 1000.0;
data/toga2-3.0.0.1SE1/src/protocol.cpp:506:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char move_string[256];
data/toga2-3.0.0.1SE1/src/protocol.cpp:633:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char move_string[256];
data/toga2-3.0.0.1SE1/src/protocol.cpp:634:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ponder_string[256];
data/toga2-3.0.0.1SE1/src/protocol.cpp:709:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char string[4096];
data/toga2-3.0.0.1SE1/src/search.cpp:574:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char move_string[256], pv_string[512];
data/toga2-3.0.0.1SE1/src/search.cpp:721:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char move_string[256];
data/toga2-3.0.0.1SE1/src/search.h:42:4: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pv_string[512];
data/toga2-3.0.0.1SE1/src/book.cpp:202:11: [1] (buffer) fgetc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
b = fgetc(file);
data/toga2-3.0.0.1SE1/src/move.cpp:135:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
ASSERT(strlen(string)==4);
data/toga2-3.0.0.1SE1/src/pv.cpp:85:14: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
pos += strlen(&string[pos]);
data/toga2-3.0.0.1SE1/src/search.cpp:251:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(save_multipv[i].pv_string,"");
data/toga2-3.0.0.1SE1/src/util.cpp:169:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
address = (char *) my_malloc(strlen(string)+1);
ANALYSIS SUMMARY:
Hits = 48
Lines analyzed = 17110 in approximately 0.32 seconds (53762 lines/second)
Physical Source Lines of Code (SLOC) = 9954
Hits@level = [0] 12 [1] 5 [2] 27 [3] 5 [4] 11 [5] 0
Hits@level+ = [0+] 60 [1+] 48 [2+] 43 [3+] 16 [4+] 11 [5+] 0
Hits/KSLOC@level+ = [0+] 6.02773 [1+] 4.82218 [2+] 4.31987 [3+] 1.60739 [4+] 1.10508 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.