Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xmahjongg-3.7/src/solvable.cc
Examining data/xmahjongg-3.7/src/kmjts.cc
Examining data/xmahjongg-3.7/src/kdets.cc
Examining data/xmahjongg-3.7/src/swwidget.cc
Examining data/xmahjongg-3.7/src/hint.cc
Examining data/xmahjongg-3.7/src/matches.cc
Examining data/xmahjongg-3.7/src/swgeneral.cc
Examining data/xmahjongg-3.7/src/counter.cc
Examining data/xmahjongg-3.7/src/images.c
Examining data/xmahjongg-3.7/src/tileset.cc
Examining data/xmahjongg-3.7/src/xmj3ts.cc
Examining data/xmahjongg-3.7/src/alarm.cc
Examining data/xmahjongg-3.7/src/panel.cc
Examining data/xmahjongg-3.7/src/tile.cc
Examining data/xmahjongg-3.7/src/gmjts.cc
Examining data/xmahjongg-3.7/src/button.cc
Examining data/xmahjongg-3.7/src/traverse.cc
Examining data/xmahjongg-3.7/src/moment.cc
Examining data/xmahjongg-3.7/src/solution.cc
Examining data/xmahjongg-3.7/src/random.cc
Examining data/xmahjongg-3.7/src/board.cc
Examining data/xmahjongg-3.7/src/game.cc
Examining data/xmahjongg-3.7/src/main.cc
Examining data/xmahjongg-3.7/liblcdf/fixlibc.c
Examining data/xmahjongg-3.7/liblcdf/giffunc.c
Examining data/xmahjongg-3.7/liblcdf/permstr.cc
Examining data/xmahjongg-3.7/liblcdf/fmalloc.c
Examining data/xmahjongg-3.7/liblcdf/giftoc.c
Examining data/xmahjongg-3.7/liblcdf/clp.c
Examining data/xmahjongg-3.7/liblcdf/straccum.cc
Examining data/xmahjongg-3.7/liblcdf/gifx.c
Examining data/xmahjongg-3.7/liblcdf/vectorv.cc
Examining data/xmahjongg-3.7/liblcdf/string.cc
Examining data/xmahjongg-3.7/liblcdf/gifread.c
Examining data/xmahjongg-3.7/include/lcdfgif/gif.h
Examining data/xmahjongg-3.7/include/lcdfgif/gifx.h
Examining data/xmahjongg-3.7/include/lcdf/clp.h
Examining data/xmahjongg-3.7/include/lcdf/vector.cc
Examining data/xmahjongg-3.7/include/lcdf/inttypes.h

FINAL RESULTS:

data/xmahjongg-3.7/liblcdf/giffunc.c:740:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, x, val);
data/xmahjongg-3.7/liblcdf/giftoc.c:156:2: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(ndirectory, "%s%c", directory, PATHNAME_SEPARATOR);
data/xmahjongg-3.7/liblcdf/giftoc.c:181:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(file_name, directory);
data/xmahjongg-3.7/liblcdf/giftoc.c:182:5: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  strcat(file_name, argv[0]);
data/xmahjongg-3.7/liblcdf/permstr.cc:314:5: [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
  strcpy(psc + pspos, buffer);
data/xmahjongg-3.7/liblcdf/straccum.cc:136:14: [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  StringAccum::snprintf(int n, const char *format, ...)
data/xmahjongg-3.7/liblcdf/straccum.cc:142:15: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  int len = vsnprintf(x, n + 1, format, val);
data/xmahjongg-3.7/liblcdf/straccum.cc:144:15: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  int len = vsprintf(x, format, val);
data/xmahjongg-3.7/src/main.cc:77:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, message, val);
data/xmahjongg-3.7/src/main.cc:96:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, message, val);
data/xmahjongg-3.7/src/main.cc:106:3: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(stderr, message, val);
data/xmahjongg-3.7/src/main.cc:188:3: [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  printf(format, dir_name);
data/xmahjongg-3.7/src/main.cc:207:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s/layouts", config_dir);
data/xmahjongg-3.7/src/main.cc:214:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s/tiles", config_dir);
data/xmahjongg-3.7/src/main.cc:221:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s/backgrounds", config_dir);
data/xmahjongg-3.7/src/main.cc:238:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s-lit", name);
data/xmahjongg-3.7/src/main.cc:407:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s/tiles/%s.gif", config_dir, tileset_name);
data/xmahjongg-3.7/src/main.cc:482:3: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s/backgrounds/%s.gif", config_dir, background_name);
data/xmahjongg-3.7/src/main.cc:685:7: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  sprintf(buf, "%s/layouts/%s", config_dir, layout_name);
data/xmahjongg-3.7/src/solvable.cc:30:2: [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, t != _null_tile ? "^^^ " : " ");
data/xmahjongg-3.7/include/lcdf/clp.h:83:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char cs[Clp_ValSize];
data/xmahjongg-3.7/include/lcdf/clp.h:84:11: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char ucs[Clp_ValSize];
data/xmahjongg-3.7/liblcdf/clp.c:70:14: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char option_class[256];
data/xmahjongg-3.7/liblcdf/clp.c:73:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char option_chars[3];
data/xmahjongg-3.7/liblcdf/clp.c:98:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char option_chars[3];
data/xmahjongg-3.7/liblcdf/clp.c:356:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  unsigned char have_short[257];
data/xmahjongg-3.7/liblcdf/clp.c:613:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char lcarg[6];
data/xmahjongg-3.7/liblcdf/clp.c:828:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(clp_argv->argv_buf, str_in, len);
data/xmahjongg-3.7/liblcdf/clp.c:928:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(save->option_chars, cli->option_chars, 3);
data/xmahjongg-3.7/liblcdf/clp.c:942:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(cli->option_chars, save->option_chars, 3);
data/xmahjongg-3.7/liblcdf/clp.c:1401:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(bs->pos, s, l);
data/xmahjongg-3.7/liblcdf/clp.c:1450:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bs->pos, "\\%03o", c);
data/xmahjongg-3.7/liblcdf/clp.c:1460:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(bs->pos, "%d", d);
data/xmahjongg-3.7/liblcdf/clp.c:1584:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buf + bufpos, what, l);
data/xmahjongg-3.7/liblcdf/clp.c:1615:12: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[256];
data/xmahjongg-3.7/liblcdf/fixlibc.c:25:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(t, s, l);
data/xmahjongg-3.7/liblcdf/giffunc.c:146:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(copy, s, l + 1);
data/xmahjongg-3.7/liblcdf/giffunc.c:205:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_x, x, xlen);
data/xmahjongg-3.7/liblcdf/giffunc.c:366:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(data, src->img[i], dest->width);
data/xmahjongg-3.7/liblcdf/giffunc.c:378:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(dest->compressed, src->compressed, src->compressed_len);
data/xmahjongg-3.7/liblcdf/gifread.c:127:3: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(p, grr->v, s);
data/xmahjongg-3.7/liblcdf/gifread.c:456:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(gfi->compressed, first, gfi->compressed_len);
data/xmahjongg-3.7/liblcdf/gifread.c:853:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[256];
data/xmahjongg-3.7/liblcdf/gifread.c:854:3: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "unknown block type %d at file offset %d", block, gifgetoffset(grr) - 1);
data/xmahjongg-3.7/liblcdf/giftoc.c:179:24: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xmahjongg-3.7/liblcdf/giftoc.c:183:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(file_name, "rb");
data/xmahjongg-3.7/liblcdf/gifx.c:252:7: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(pixels + npixels, gfxc->pixels, gfxc->npixels);
data/xmahjongg-3.7/liblcdf/permstr.cc:146:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(buck->data, s, length);
data/xmahjongg-3.7/liblcdf/permstr.cc:193:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(psc + pspos, s, len);
data/xmahjongg-3.7/liblcdf/permstr.cc:310:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[1000];
data/xmahjongg-3.7/liblcdf/permstr.cc:312:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buffer, "%.10g%n", x, &len);
data/xmahjongg-3.7/liblcdf/permstr.cc:350:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, p1.c_str(), l1);
data/xmahjongg-3.7/liblcdf/permstr.cc:351:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s + l1, p2.c_str(), l2);
data/xmahjongg-3.7/liblcdf/permstr.cc:364:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s, p1.c_str(), l1);
data/xmahjongg-3.7/liblcdf/permstr.cc:365:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s + l1, p2.c_str(), l2);
data/xmahjongg-3.7/liblcdf/permstr.cc:366:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(s + l1 + l2, p3.c_str(), l3);
data/xmahjongg-3.7/liblcdf/straccum.cc:77:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(n, _s, _cap);
data/xmahjongg-3.7/liblcdf/straccum.cc:109:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  int len = sprintf(x, "%ld", i);
data/xmahjongg-3.7/liblcdf/straccum.cc:119:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  int len = sprintf(x, "%lu", u);
data/xmahjongg-3.7/liblcdf/straccum.cc:129:15: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  int len = sprintf(x, "%.12g", d);
data/xmahjongg-3.7/liblcdf/string.cc:69:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/xmahjongg-3.7/liblcdf/string.cc:70:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%d", i);
data/xmahjongg-3.7/liblcdf/string.cc:76:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/xmahjongg-3.7/liblcdf/string.cc:77:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%u", u);
data/xmahjongg-3.7/liblcdf/string.cc:83:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/xmahjongg-3.7/liblcdf/string.cc:84:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%ld", d);
data/xmahjongg-3.7/liblcdf/string.cc:90:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/xmahjongg-3.7/liblcdf/string.cc:91:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%lu", u);
data/xmahjongg-3.7/liblcdf/string.cc:97:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[128];
data/xmahjongg-3.7/liblcdf/string.cc:98:5: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "%.12g", d);
data/xmahjongg-3.7/liblcdf/string.cc:173:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_memo->_real_data, str, len);
data/xmahjongg-3.7/liblcdf/string.cc:213:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_data, _data, _length);
data/xmahjongg-3.7/liblcdf/string.cc:233:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(space, suffix, suffix_len);
data/xmahjongg-3.7/liblcdf/string.cc:426:6: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  sprintf(buf, "\\%03o", x[pos]);
data/xmahjongg-3.7/liblcdf/string.cc:500:2: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy((char *)s._data + n - offset, _data, _length);
data/xmahjongg-3.7/liblcdf/vectorv.cc:42:6: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(_l, o._l, sizeof(void *) * _n);
data/xmahjongg-3.7/liblcdf/vectorv.cc:68:5: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(new_l, _l, sizeof(void*) * _n);
data/xmahjongg-3.7/src/game.cc:328:41: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (_tiles[i]->real() && _tiles[i]->open()) {
data/xmahjongg-3.7/src/game.cc:497:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buffer[BUFSIZ];
data/xmahjongg-3.7/src/game.cc:513:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[BUFSIZ];
data/xmahjongg-3.7/src/game.cc:557:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(filename, "r");
data/xmahjongg-3.7/src/hint.cc:74:33: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (t[i]->real() && t[i]->open() && t[i]->match() == tileclass)
data/xmahjongg-3.7/src/main.cc:235:3: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[100];
data/xmahjongg-3.7/src/main.cc:408:13: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *f = fopen(buf, "rb");
data/xmahjongg-3.7/src/main.cc:410:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen(tileset_name, "rb");
data/xmahjongg-3.7/src/main.cc:483:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  FILE *normal_f = fopen(buf, "rb");
data/xmahjongg-3.7/src/main.cc:485:16: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  normal_f = fopen(background_name, "rb");
data/xmahjongg-3.7/src/main.cc:715:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char *woog[2];
data/xmahjongg-3.7/src/panel.cc:207:28: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (t[j]->real() && t[j]->open() && t[j]->match() == i)
data/xmahjongg-3.7/src/panel.cc:230:11: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!t->open()) {
data/xmahjongg-3.7/src/solution.cc:110:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!cur_move.m1->open() || !cur_move.m2->open())
data/xmahjongg-3.7/src/solution.cc:110:47: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (!cur_move.m1->open() || !cur_move.m2->open())
data/xmahjongg-3.7/src/solvable.cc:33:31: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  INVALID(t) ? '-' : 'O', !t->open() ? 'X' : '-');
data/xmahjongg-3.7/src/solvable.cc:144:27: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (t->real() && t->open() && !INVALID(t)) {
data/xmahjongg-3.7/src/traverse.cc:202:25: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (_horizontal[i]->open() && _horizontal[i]->real()) {
data/xmahjongg-3.7/src/traverse.cc:218:39: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (tiles[i]->real() && tiles[i]->open())
data/xmahjongg-3.7/src/traverse.cc:220:49: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (_cursor && (!_cursor->real() || !_cursor->open()))
data/xmahjongg-3.7/src/traverse.cc:291:23: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if (_vertical[i]->open() && _vertical[i]->real()) {
data/xmahjongg-3.7/src/xmj3ts.cc:67:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  search_picture_names = new const char *[npictures];
data/xmahjongg-3.7/src/xmj3ts.cc:83:36: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  search_picture_names = new const char *[npictures];
data/xmahjongg-3.7/liblcdf/clp.c:420:72: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  && (!preferred || strncmp(opt[which].long_name, opt[j].long_name, strlen(opt[which].long_name)) != 0))
data/xmahjongg-3.7/liblcdf/clp.c:615:9: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(arg) > 5 || strchr(arg, '=') != 0)
data/xmahjongg-3.7/liblcdf/clp.c:823:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str_in);
data/xmahjongg-3.7/liblcdf/clp.c:1399:6: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(s);
data/xmahjongg-3.7/liblcdf/clp.c:1581:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(what);
data/xmahjongg-3.7/liblcdf/fixlibc.c:21:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(s) + 1;
data/xmahjongg-3.7/liblcdf/giffunc.c:143:7: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  l = strlen(s);
data/xmahjongg-3.7/liblcdf/giffunc.c:190:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (xlen < 0) xlen = strlen(x);
data/xmahjongg-3.7/liblcdf/giffunc.c:202:24: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (xlen < 0) xlen = strlen(x);
data/xmahjongg-3.7/liblcdf/gifread.c:85:11: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int i = getc(grr->f);
data/xmahjongg-3.7/liblcdf/gifread.c:104:11: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getc(grr->f);
data/xmahjongg-3.7/liblcdf/giftoc.c:37:7: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xmahjongg-3.7/liblcdf/giftoc.c:100:9: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xmahjongg-3.7/liblcdf/giftoc.c:115:7: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xmahjongg-3.7/liblcdf/giftoc.c:120:9: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xmahjongg-3.7/liblcdf/giftoc.c:153:22: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (directory[ strlen(directory) - 1 ] != PATHNAME_SEPARATOR
data/xmahjongg-3.7/liblcdf/giftoc.c:155:37: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *ndirectory = (char *)fmalloc(strlen(directory) + 2);
data/xmahjongg-3.7/liblcdf/giftoc.c:179:39: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xmahjongg-3.7/liblcdf/giftoc.c:179:57: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  char *file_name = (char *)fmalloc(strlen(argv[0]) + strlen(directory) + 1);
data/xmahjongg-3.7/liblcdf/giftoc.c:194:41: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  sout = rec_name = (char *)fmalloc(strlen(sin) + 2);
data/xmahjongg-3.7/liblcdf/permstr.cc:118:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  length = (s ? strlen(s) : 0);
data/xmahjongg-3.7/liblcdf/permstr.cc:165:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int l = strlen(b);
data/xmahjongg-3.7/liblcdf/permstr.cc:215:13: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  append(s, strlen(s));
data/xmahjongg-3.7/liblcdf/permstr.cc:253:16: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  append(x, strlen(x));
data/xmahjongg-3.7/liblcdf/string.cc:117:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = (str ? strlen(str) : 0);
data/xmahjongg-3.7/liblcdf/string.cc:158:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(str);
data/xmahjongg-3.7/liblcdf/string.cc:230:15: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  suffix_len = strlen(suffix);
data/xmahjongg-3.7/liblcdf/string.cc:465:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/xmahjongg-3.7/liblcdf/string.cc:478:8: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen(s);
data/xmahjongg-3.7/src/game.cc:469:11: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getc(f);
data/xmahjongg-3.7/src/game.cc:470:37: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (c != '\n' && c != EOF) c = getc(f);
data/xmahjongg-3.7/src/game.cc:472:7: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  c = getc(f);
data/xmahjongg-3.7/src/game.cc:473:37: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (c != '\n' && c != EOF) c = getc(f);
data/xmahjongg-3.7/src/game.cc:479:25: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  while (isspace(c)) c = getc(f);
data/xmahjongg-3.7/src/game.cc:561:11: [1] (buffer) getc:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
  int c = getc(f);
data/xmahjongg-3.7/src/main.cc:160:40: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int kill_suffix_len = (kill_suffix ? strlen(kill_suffix) : 0);
data/xmahjongg-3.7/src/main.cc:164:17: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  int len = strlen(dp->d_name); // d_namlen isn't portable.
data/xmahjongg-3.7/src/main.cc:204:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(config_dir) + 13; data/xmahjongg-3.7/src/main.cc:403:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(tileset_name) + strlen(config_dir) + 15; data/xmahjongg-3.7/src/main.cc:403:36: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(tileset_name) + strlen(config_dir) + 15; data/xmahjongg-3.7/src/main.cc:478:13: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(background_name) + strlen(config_dir) + 21; data/xmahjongg-3.7/src/main.cc:478:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(background_name) + strlen(config_dir) + 21; data/xmahjongg-3.7/src/main.cc:683:17: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). int len = strlen(layout_name) + strlen(config_dir) + 10; data/xmahjongg-3.7/src/main.cc:683:39: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). 
int len = strlen(layout_name) + strlen(config_dir) + 10; ANALYSIS SUMMARY: Hits = 144 Lines analyzed = 11732 in approximately 0.30 seconds (38920 lines/second) Physical Source Lines of Code (SLOC) = 9130 Hits@level = [0] 46 [1] 44 [2] 80 [3] 0 [4] 20 [5] 0 Hits@level+ = [0+] 190 [1+] 144 [2+] 100 [3+] 20 [4+] 20 [5+] 0 Hits/KSLOC@level+ = [0+] 20.8105 [1+] 15.7722 [2+] 10.9529 [3+] 2.19058 [4+] 2.19058 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
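The level-1 hits above are of two kinds: getc() called in a loop (CWE-120/CWE-20) and strlen() applied to data that might not be NUL-terminated (CWE-126). Both are pattern matches on function names, not findings about the code: the getc() lines listed for game.cc:469-479 only step past characters and store a single int, so Flawfinder's "check buffer boundaries" advice only bites where characters read in such a loop are copied into a fixed buffer. The example below is added here to show what that check looks like; it is not xmahjongg code. It reads whitespace-separated tokens from a FILE* into a small fixed buffer with an explicit capacity, refuses to write past it, and uses strnlen() for the unterminated-array case. The input is a constructed string opened with fmemopen() (POSIX 2008), so it runs offline; the token format and the buffer size of 8 are assumptions for the illustration.

```c
/* Added example, not code from xmahjongg or liblcdf: a bounded getc() loop
 * and a bounded length query, the two checks Flawfinder's level-1 hits ask
 * for. Input is constructed in memory with fmemopen() (POSIX 2008). */
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum { TOKEN_EOF = -2, TOKEN_TOO_LONG = -1 };

/* Skip whitespace, then copy one token into buf (capacity cap), always
 * NUL-terminating. Returns the token length, TOKEN_EOF if nothing was left,
 * or TOKEN_TOO_LONG if the token did not fit; in that case buf holds the
 * truncated prefix and the rest of the token is drained so the next call
 * resumes at a token boundary instead of in the middle of the long token. */
int read_token_bounded(FILE *f, char *buf, size_t cap)
{
    size_t n = 0;
    int c;

    if (cap == 0)
        return TOKEN_TOO_LONG;

    c = getc(f);
    while (c != EOF && isspace(c))   /* same shape as the flagged skip loops */
        c = getc(f);
    if (c == EOF) {
        buf[0] = '\0';
        return TOKEN_EOF;
    }

    while (c != EOF && !isspace(c)) {
        if (n + 1 >= cap) {          /* keep one byte for the terminator */
            buf[n] = '\0';
            while (c != EOF && !isspace(c))
                c = getc(f);         /* drain the oversized token */
            return TOKEN_TOO_LONG;
        }
        buf[n++] = (char)c;
        c = getc(f);
    }
    buf[n] = '\0';
    return (int)n;
}

/* Length of a byte array that might not be NUL-terminated: strnlen() never
 * reads past cap, where strlen() would keep going until it finds a zero. */
size_t bounded_len(const char *s, size_t cap)
{
    return strnlen(s, cap);
}

/* Drive read_token_bounded() over a constructed input. Returns 0 when every
 * call behaves as documented, otherwise the number of the failed step. */
int run_demo(void)
{
    char input[] = "  alpha verylongtoken12 z";   /* constructed sample */
    char buf[8];                                  /* assumed capacity */
    FILE *f = fmemopen(input, strlen(input), "r");
    int rc;

    if (f == NULL)
        return 99;
    rc = read_token_bounded(f, buf, sizeof buf);
    if (rc != 5 || strcmp(buf, "alpha") != 0) { fclose(f); return 1; }
    rc = read_token_bounded(f, buf, sizeof buf);  /* 15 bytes into 8 */
    if (rc != TOKEN_TOO_LONG || strcmp(buf, "verylon") != 0) { fclose(f); return 2; }
    rc = read_token_bounded(f, buf, sizeof buf);  /* resumed at "z" */
    if (rc != 1 || strcmp(buf, "z") != 0) { fclose(f); return 3; }
    rc = read_token_bounded(f, buf, sizeof buf);
    fclose(f);
    return rc == TOKEN_EOF ? 0 : 4;
}

/* A four-byte array with no terminator: strlen() on it is the CWE-126
 * over-read; strnlen() with the array size returns 4 and stops there. */
size_t unterminated_sample_len(void)
{
    char raw[4] = { 'a', 'b', 'c', 'd' };
    return bounded_len(raw, sizeof raw);
}

int main(void)
{
    printf("demo result: %d (0 = all steps as expected)\n", run_demo());
    printf("unterminated sample length: %zu\n", unterminated_sample_len());
    return 0;
}
```

The bound is checked before every store, never after, and the oversized-token branch both terminates the buffer and consumes the rest of the token; without the drain, the next call would silently return the tail of a token the caller already rejected, which is the kind of desynchronisation that turns a truncation into a parsing bug. For the strlen() hits, the same question applies: strnlen() (or an explicit length passed alongside the pointer) is only needed where the source of the bytes does not guarantee a terminator, which is usually file or network input rather than string literals and argv.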