Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/tuxfootball-0.3.1/src/camera.cpp
Examining data/tuxfootball-0.3.1/src/rect.h
Examining data/tuxfootball-0.3.1/src/const.h
Examining data/tuxfootball-0.3.1/src/Font.hpp
Examining data/tuxfootball-0.3.1/src/spritesequence.h
Examining data/tuxfootball-0.3.1/src/spritesequence.cpp
Examining data/tuxfootball-0.3.1/src/pitch.h
Examining data/tuxfootball-0.3.1/src/camera.h
Examining data/tuxfootball-0.3.1/src/menu/videosettingsmenu.cpp
Examining data/tuxfootball-0.3.1/src/menu/menu.cpp
Examining data/tuxfootball-0.3.1/src/menu/redefinekeysmenu.cpp
Examining data/tuxfootball-0.3.1/src/menu/redefinekeysmenu.h
Examining data/tuxfootball-0.3.1/src/menu/menu.h
Examining data/tuxfootball-0.3.1/src/menu/mainmenu.h
Examining data/tuxfootball-0.3.1/src/menu/mainmenu.cpp
Examining data/tuxfootball-0.3.1/src/menu/videosettingsmenu.h
Examining data/tuxfootball-0.3.1/src/menu/elements/menubutton.h
Examining data/tuxfootball-0.3.1/src/menu/elements/menuoptionlist.h
Examining data/tuxfootball-0.3.1/src/menu/elements/menubutton.cpp
Examining data/tuxfootball-0.3.1/src/menu/elements/menuitem.h
Examining data/tuxfootball-0.3.1/src/menu/elements/menuitem.cpp
Examining data/tuxfootball-0.3.1/src/menu/elements/menuoptionlist.cpp
Examining data/tuxfootball-0.3.1/src/menu/elements/menukeyselect.h
Examining data/tuxfootball-0.3.1/src/menu/elements/menukeyselect.cpp
Examining data/tuxfootball-0.3.1/src/menu/elements/menulabel.h
Examining data/tuxfootball-0.3.1/src/menu/elements/menulabel.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/firsthalfstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/extratimehalftimestate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/halftimestate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/statebase.h
Examining data/tuxfootball-0.3.1/src/gamestates/extratimefirsthalfstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/fulltimestate.h
Examining data/tuxfootball-0.3.1/src/gamestates/firsthalfstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/mainmenustate.h
Examining data/tuxfootball-0.3.1/src/gamestates/matchstartstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/secondhalfstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/fulltimestate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/mainmenustate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/halftimestate.h
Examining data/tuxfootball-0.3.1/src/gamestates/extratimesecondhalfstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/matchabortedstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/menustatebase.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/videomenustate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/videomenustate.h
Examining data/tuxfootball-0.3.1/src/gamestates/ingamestatebase.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/matchabortedstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/matchstartstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/ingamestatebase.h
Examining data/tuxfootball-0.3.1/src/gamestates/redefinekeysstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/nationalanthemstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/penaltyshootoutstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/extratimefirsthalfstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/extratimestate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/nationalanthemstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/extratimestate.h
Examining data/tuxfootball-0.3.1/src/gamestates/statebase.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/extratimesecondhalfstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/matchfinishedstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/redefinekeysstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/extratimehalftimestate.h
Examining data/tuxfootball-0.3.1/src/gamestates/matchfinishedstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/penaltyshootoutstate.h
Examining data/tuxfootball-0.3.1/src/gamestates/secondhalfstate.cpp
Examining data/tuxfootball-0.3.1/src/gamestates/menustatebase.h
Examining data/tuxfootball-0.3.1/src/matrix.cpp
Examining data/tuxfootball-0.3.1/src/segment.cpp
Examining data/tuxfootball-0.3.1/src/graphics.h
Examining data/tuxfootball-0.3.1/src/controller.cpp
Examining data/tuxfootball-0.3.1/src/gameengine.h
Examining data/tuxfootball-0.3.1/src/controller.h
Examining data/tuxfootball-0.3.1/src/pitch.cpp
Examining data/tuxfootball-0.3.1/src/team.h
Examining data/tuxfootball-0.3.1/src/tilemap.h
Examining data/tuxfootball-0.3.1/src/gameengine.cpp
Examining data/tuxfootball-0.3.1/src/logger/logger.h
Examining data/tuxfootball-0.3.1/src/logger/logger.cpp
Examining data/tuxfootball-0.3.1/src/body.h
Examining data/tuxfootball-0.3.1/src/graphics.cpp
Examining data/tuxfootball-0.3.1/src/ball.h
Examining data/tuxfootball-0.3.1/src/SFont.c
Examining data/tuxfootball-0.3.1/src/body.cpp
Examining data/tuxfootball-0.3.1/src/team.cpp
Examining data/tuxfootball-0.3.1/src/matrix.h
Examining data/tuxfootball-0.3.1/src/point3d.h
Examining data/tuxfootball-0.3.1/src/player.h
Examining data/tuxfootball-0.3.1/src/SFont.h
Examining data/tuxfootball-0.3.1/src/resources/soundmanager.h
Examining data/tuxfootball-0.3.1/src/resources/resourcemanager.cpp
Examining data/tuxfootball-0.3.1/src/resources/soundmanager.cpp
Examining data/tuxfootball-0.3.1/src/resources/fontmanager.cpp
Examining data/tuxfootball-0.3.1/src/resources/surfacemanager.h
Examining data/tuxfootball-0.3.1/src/resources/surfacemanager.cpp
Examining data/tuxfootball-0.3.1/src/resources/fontmanager.h
Examining data/tuxfootball-0.3.1/src/resources/resourcemanager.h
Examining data/tuxfootball-0.3.1/src/ball.cpp
Examining data/tuxfootball-0.3.1/src/spriteobject.h
Examining data/tuxfootball-0.3.1/src/tilemap.cpp
Examining data/tuxfootball-0.3.1/src/segment.h
Examining data/tuxfootball-0.3.1/src/player.cpp
Examining data/tuxfootball-0.3.1/src/rect.cpp
Examining data/tuxfootball-0.3.1/src/gettext.h
Examining data/tuxfootball-0.3.1/src/point3d.cpp
Examining data/tuxfootball-0.3.1/src/spriteobject.cpp
Examining data/tuxfootball-0.3.1/src/main.cpp
FINAL RESULTS:
data/tuxfootball-0.3.1/src/main.cpp:49:3: [4] (format) vfprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vfprintf(stderr, fmt, ap);
data/tuxfootball-0.3.1/src/gettext.h:210:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/tuxfootball-0.3.1/src/gettext.h:212:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tuxfootball-0.3.1/src/gettext.h:220:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/tuxfootball-0.3.1/src/gettext.h:222:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/tuxfootball-0.3.1/src/gettext.h:256:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg_ctxt_id[msgctxt_len + msgid_len];
data/tuxfootball-0.3.1/src/gettext.h:258:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[1024];
data/tuxfootball-0.3.1/src/gettext.h:266:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id, msgctxt, msgctxt_len - 1);
data/tuxfootball-0.3.1/src/gettext.h:268:7: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
memcpy (msg_ctxt_id + msgctxt_len, msgid, msgid_len);
data/tuxfootball-0.3.1/src/main.cpp:179:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[_MAX_PATH];
data/tuxfootball-0.3.1/src/tilemap.cpp:45:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
tilemap.open((datadir+path+"/tile.map").c_str(), std::ios::in);
data/tuxfootball-0.3.1/src/gettext.h:206:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/tuxfootball-0.3.1/src/gettext.h:207:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
data/tuxfootball-0.3.1/src/gettext.h:252:24: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgctxt_len = strlen (msgctxt) + 1;
data/tuxfootball-0.3.1/src/gettext.h:253:22: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
size_t msgid_len = strlen (msgid) + 1;
ANALYSIS SUMMARY:
Hits = 15
Lines analyzed = 11371 in approximately 0.66 seconds (17271 lines/second)
Physical Source Lines of Code (SLOC) = 7025
Hits@level = [0] 1 [1] 4 [2] 10 [3] 0 [4] 1 [5] 0
Hits@level+ = [0+] 16 [1+] 15 [2+] 11 [3+] 1 [4+] 1 [5+] 0
Hits/KSLOC@level+ = [0+] 2.27758 [1+] 2.13523 [2+] 1.56584 [3+] 0.142349 [4+] 0.142349 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.