Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/xsoldier-1.8/boss.c
Examining data/xsoldier-1.8/callback.c
Examining data/xsoldier-1.8/common.c
Examining data/xsoldier-1.8/ending.c
Examining data/xsoldier-1.8/enemy.c
Examining data/xsoldier-1.8/enemyshot.c
Examining data/xsoldier-1.8/game.c
Examining data/xsoldier-1.8/graphic.c
Examining data/xsoldier-1.8/image.c
Examining data/xsoldier-1.8/input.c
Examining data/xsoldier-1.8/joystick.c
Examining data/xsoldier-1.8/opening.c
Examining data/xsoldier-1.8/player.c
Examining data/xsoldier-1.8/sin.c
Examining data/xsoldier-1.8/star.c
Examining data/xsoldier-1.8/boss.h
Examining data/xsoldier-1.8/callback.h
Examining data/xsoldier-1.8/common.h
Examining data/xsoldier-1.8/ending.h
Examining data/xsoldier-1.8/enemy.h
Examining data/xsoldier-1.8/enemyshot.h
Examining data/xsoldier-1.8/extern.h
Examining data/xsoldier-1.8/game.h
Examining data/xsoldier-1.8/graphic.h
Examining data/xsoldier-1.8/image.h
Examining data/xsoldier-1.8/input.h
Examining data/xsoldier-1.8/joystick.h
Examining data/xsoldier-1.8/key.h
Examining data/xsoldier-1.8/manage.h
Examining data/xsoldier-1.8/opening.h
Examining data/xsoldier-1.8/player.h
Examining data/xsoldier-1.8/score.h
Examining data/xsoldier-1.8/sin.h
Examining data/xsoldier-1.8/star.h
Examining data/xsoldier-1.8/version.h
Examining data/xsoldier-1.8/xsoldier.h
Examining data/xsoldier-1.8/main.c
Examining data/xsoldier-1.8/manage.c
Examining data/xsoldier-1.8/score.c

FINAL RESULTS:

data/xsoldier-1.8/manage.c:397:5:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused).
    strcpy(New->Rec[0].name,name);

data/xsoldier-1.8/main.c:411:5:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    srand((unsigned)time(NULL));

data/xsoldier-1.8/xsoldier.h:28:10:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    # define srand(x) srand48((long)x)

data/xsoldier-1.8/xsoldier.h:29:17:  [3] (random) lrand48:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
    # define rand() lrand48()

data/xsoldier-1.8/extern.h:118:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    EXTERN char display[32];

data/xsoldier-1.8/game.c:269:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Percent[32];

data/xsoldier-1.8/game.c:270:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Bonus[32];

data/xsoldier-1.8/game.c:271:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char Perfect[32];

data/xsoldier-1.8/game.c:278:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Percent,"shoot down %02d%%",player->Percent);

data/xsoldier-1.8/game.c:282:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Bonus,"Bonus %d pts", shoot_down_bonus(player->Percent, manage->Loop, manage->Stage));

data/xsoldier-1.8/game.c:288:7:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Perfect,"Perfect!!");

data/xsoldier-1.8/game.c:319:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Score[64];

data/xsoldier-1.8/game.c:320:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Ships[16];

data/xsoldier-1.8/game.c:321:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Stage[16];

data/xsoldier-1.8/game.c:323:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char ObjectP[32];

data/xsoldier-1.8/game.c:324:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char ObjectE[32];

data/xsoldier-1.8/game.c:325:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Loop[16];

data/xsoldier-1.8/game.c:326:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Level[16];

data/xsoldier-1.8/game.c:327:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Weapon[16];

data/xsoldier-1.8/game.c:328:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Pow[16];

data/xsoldier-1.8/game.c:329:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Speed[16];

data/xsoldier-1.8/game.c:330:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char Enemy[16];

data/xsoldier-1.8/game.c:331:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char EnemyKill[16];

data/xsoldier-1.8/game.c:333:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char EnemyHP[5];

data/xsoldier-1.8/game.c:334:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char BossTime[16];

data/xsoldier-1.8/game.c:338:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Score,"Score % 8d",player->Rec[0].score);

data/xsoldier-1.8/game.c:339:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Stage,"Stage %2d",manage->Stage);

data/xsoldier-1.8/game.c:340:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Ships,"Ships %3d",player->Ships);

data/xsoldier-1.8/game.c:342:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ObjectE,"Enemy Object %3d",manage->EnemyNum);

data/xsoldier-1.8/game.c:343:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(ObjectP,"Player Object %3d",manage->PlayerNum);

data/xsoldier-1.8/game.c:344:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Loop,"Loop %2d",manage->Loop);

data/xsoldier-1.8/game.c:345:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Level,"Level %3d",manage->Level);

data/xsoldier-1.8/game.c:346:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Weapon,"Weapon %d",manage->player[0]->Data.Cnt[5]);

data/xsoldier-1.8/game.c:347:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Pow,"Pow %2d",manage->player[0]->Data.Cnt[6]);

data/xsoldier-1.8/game.c:348:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Speed,"Speed %2d",manage->player[0]->Data.Speed);

data/xsoldier-1.8/game.c:349:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(Enemy,"Enemy %3d",manage->StageEnemy);

data/xsoldier-1.8/game.c:350:5:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(EnemyKill,"EnemyKill %3d",manage->StageShotDown);

data/xsoldier-1.8/joystick.c:47:13:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd=open("/dev/js0",O_RDONLY)) == -1)

data/xsoldier-1.8/joystick.c:50:10:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fd=open("/dev/js1",O_RDONLY)) == -1)

data/xsoldier-1.8/main.c:53:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    static char command[32];

data/xsoldier-1.8/manage.c:370:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[16];

data/xsoldier-1.8/opening.c:87:6:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[64];

data/xsoldier-1.8/opening.c:98:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buff,"%2d-%2d",player->Rec[i].loop,

data/xsoldier-1.8/opening.c:101:3:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
    sprintf(buff,"%8d",player->Rec[i].score);

data/xsoldier-1.8/score.c:44:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char buff[BUFSIZ];

data/xsoldier-1.8/score.c:50:3:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[32];

data/xsoldier-1.8/score.c:60:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(SCORE "/" SCOREFILE, "r")) == NULL)

data/xsoldier-1.8/score.c:221:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
    if ((fp = fopen(SCORE "/" SCOREFILE,"w")) == NULL)

data/xsoldier-1.8/xsoldier.h:158:5:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
    char name[16];

data/xsoldier-1.8/ending.c:96:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stuff[i][0], strlen(stuff[i][0]));

data/xsoldier-1.8/ending.c:98:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stuff[i][1], strlen(stuff[i][1]));

data/xsoldier-1.8/ending.c:103:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stuff[i][0], strlen(stuff[i][0]));

data/xsoldier-1.8/ending.c:105:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    stuff[i][1], strlen(stuff[i][1]));

data/xsoldier-1.8/ending.c:115:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len >= strlen(msg[manage->Loop-1]))

data/xsoldier-1.8/ending.c:118:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("Press space key"));

data/xsoldier-1.8/ending.c:119:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(msg[manage->Loop-1]);

data/xsoldier-1.8/ending.c:126:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    if (len >= strlen(msg[2]))

data/xsoldier-1.8/ending.c:129:31:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("Press space key"));

data/xsoldier-1.8/ending.c:130:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    len = strlen(msg[2]);

data/xsoldier-1.8/game.c:113:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(235, 280, "Pause", strlen("Pause"));

data/xsoldier-1.8/game.c:114:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 300, "Press [", strlen("Press ["));

data/xsoldier-1.8/game.c:115:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(230, 300, pauseKey, strlen(pauseKey));

data/xsoldier-1.8/game.c:117:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("] to resume game"));

data/xsoldier-1.8/game.c:258:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(440, 620, "1UP", strlen("1UP"));

data/xsoldier-1.8/game.c:265:46:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(230, 300, "Game Over", strlen("Game Over"));

data/xsoldier-1.8/game.c:279:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(210, 370, Percent, strlen(Percent));

data/xsoldier-1.8/game.c:284:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Bonus, strlen(Bonus));

data/xsoldier-1.8/game.c:290:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    Perfect, strlen(Perfect));

data/xsoldier-1.8/game.c:296:48:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(200 ,370 ,Percent, strlen(Percent));

data/xsoldier-1.8/game.c:301:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(StageName[manage->Stage-1]));

data/xsoldier-1.8/game.c:353:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(10, 20, Score, strlen(Score));

data/xsoldier-1.8/game.c:354:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(430, 20, Stage, strlen(Stage));

data/xsoldier-1.8/game.c:355:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(430, 640, Ships, strlen(Ships));

data/xsoldier-1.8/game.c:357:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(10, 40, ObjectE, strlen(ObjectE));

data/xsoldier-1.8/game.c:358:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(10, 60, ObjectP, strlen(ObjectP));

data/xsoldier-1.8/game.c:359:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(10, 80, Level, strlen(Level));

data/xsoldier-1.8/game.c:360:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(10, 100, Enemy, strlen(Enemy));

data/xsoldier-1.8/game.c:361:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(10, 120, EnemyKill, strlen(EnemyKill));

data/xsoldier-1.8/game.c:362:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(430, 60, Loop, strlen(Loop));

data/xsoldier-1.8/game.c:363:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(430, 580, Weapon, strlen(Weapon));

data/xsoldier-1.8/game.c:364:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(430, 600, Pow, strlen(Pow));

data/xsoldier-1.8/game.c:365:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(430, 620, Speed, strlen(Speed));

data/xsoldier-1.8/game.c:378:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    EnemyHP, strlen(EnemyHP));

data/xsoldier-1.8/game.c:384:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(430, 40, BossTime, strlen(BossTime));

data/xsoldier-1.8/joystick.c:87:10:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20).
    if ((read(fd,&js,JS_RETURN)) == JS_RETURN)

data/xsoldier-1.8/main.c:163:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(command,argv0, sizeof(command)/sizeof(command[0]) - 1);

data/xsoldier-1.8/main.c:171:15:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(display,argv[i + 1],sizeof(display)/sizeof(display[0]));

data/xsoldier-1.8/manage.c:379:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
    strncpy(name,pw->pw_name,sizeof(name)/sizeof(name[0]));

data/xsoldier-1.8/opening.c:72:41:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(410, 210, "Ver. " VERSION, strlen("Ver. " VERSION));

data/xsoldier-1.8/opening.c:73:32:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(410, 225, UPDATE, strlen(UPDATE));

data/xsoldier-1.8/opening.c:78:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("Press [SPACE KEY] to start"));

data/xsoldier-1.8/opening.c:81:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("Press [Joystick BUTTON] to start"));

data/xsoldier-1.8/opening.c:90:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("Top 10 Soldiers"));

data/xsoldier-1.8/opening.c:91:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(120, 320, "Name", strlen("Name"));

data/xsoldier-1.8/opening.c:92:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(270, 320, "Stage", strlen("Stage"));

data/xsoldier-1.8/opening.c:93:44:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(350, 320, "Score", strlen("Score"));

data/xsoldier-1.8/opening.c:97:29:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(player->Rec[i].name));

data/xsoldier-1.8/opening.c:100:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(270, 330+i*25, buff, strlen(buff));

data/xsoldier-1.8/opening.c:102:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(350, 330+i*25, buff, strlen(buff));

data/xsoldier-1.8/opening.c:107:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(220, 270, "How To Play", strlen("How To Play"));

data/xsoldier-1.8/opening.c:108:34:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 330, "Up", strlen("Up"));

data/xsoldier-1.8/opening.c:109:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 330, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:110:35:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 330, upKey, strlen(upKey));

data/xsoldier-1.8/opening.c:111:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 355, "Down", strlen("Down"));

data/xsoldier-1.8/opening.c:112:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 355, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:113:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 355, downKey, strlen(downKey));

data/xsoldier-1.8/opening.c:114:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 380, "Left", strlen("Left"));

data/xsoldier-1.8/opening.c:115:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 380, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:116:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 380, leftKey, strlen(leftKey));

data/xsoldier-1.8/opening.c:117:43:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 405, "Right",strlen("Right"));

data/xsoldier-1.8/opening.c:118:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 405, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:119:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 405, rightKey, strlen(rightKey));

data/xsoldier-1.8/opening.c:120:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 430, "Shot", strlen("Shot"));

data/xsoldier-1.8/opening.c:121:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 430, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:122:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 430, shotKey, strlen(shotKey));

data/xsoldier-1.8/opening.c:123:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 455, "Speed up", strlen("Speed up"));

data/xsoldier-1.8/opening.c:124:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 455, " .... ",strlen(" .... "));

data/xsoldier-1.8/opening.c:125:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 455, spdupKey, strlen(spdupKey));

data/xsoldier-1.8/opening.c:126:42:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 480, "Speed down", strlen("Speed down"));

data/xsoldier-1.8/opening.c:127:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 480, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:128:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 480, spdwnKey, strlen(spdwnKey));

data/xsoldier-1.8/opening.c:129:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 505, "Pause", strlen("Pause"));

data/xsoldier-1.8/opening.c:130:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 505, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:131:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 505, pauseKey, strlen(pauseKey));

data/xsoldier-1.8/opening.c:132:36:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 530, "Quit", strlen("Quit"));

data/xsoldier-1.8/opening.c:133:38:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(260, 530, " .... ", strlen(" .... "));

data/xsoldier-1.8/opening.c:134:37:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(300, 530, quitKey, strlen(quitKey));

data/xsoldier-1.8/opening.c:137:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("Debug-only Commands"));

data/xsoldier-1.8/opening.c:138:45:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    draw_string(180, 575, "Change Weapon", strlen("Change Weapon"));

data/xsoldier-1.8/opening.c:140:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(weaponchangeKey));

data/xsoldier-1.8/opening.c:142:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen("Clear Enemy Shots"));

data/xsoldier-1.8/opening.c:144:25:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
    strlen(clearenemyshotKey));

data/xsoldier-1.8/score.c:70:9:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
if (sscanf(buff, "%d %d %d %31s", &score, &loop, &stage, name) == 4) data/xsoldier-1.8/score.c:85:7: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(rec[i].name, name, sizeof(rec[i].name)/sizeof(rec[i].name[0])); data/xsoldier-1.8/score.c:196:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p->Rec[i].name, p->Rec[i - 1].name, sizeof(p->Rec[i].name)/sizeof(p->Rec[i].name[0])); data/xsoldier-1.8/score.c:206:3: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(p->Rec[rank].name, p->Rec[0].name, sizeof(p->Rec[rank].name)/sizeof(p->Rec[rank].name[0])); ANALYSIS SUMMARY: Hits = 136 Lines analyzed = 7721 in approximately 0.21 seconds (36074 lines/second) Physical Source Lines of Code (SLOC) = 5974 Hits@level = [0] 89 [1] 87 [2] 45 [3] 3 [4] 1 [5] 0 Hits@level+ = [0+] 225 [1+] 136 [2+] 49 [3+] 4 [4+] 1 [5+] 0 Hits/KSLOC@level+ = [0+] 37.6632 [1+] 22.7653 [2+] 8.20221 [3+] 0.669568 [4+] 0.167392 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.
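The score.c hits above are the ones in this report worth a manual check: a `%31s` conversion is only correct if the buffer it writes into holds at least 32 bytes, and `strncpy(dst, src, sizeof dst)` leaves `dst` without a terminating NUL whenever `src` has `sizeof dst` or more characters, which turns every later `strlen`/`printf("%s")` on that record into the CWE-126 over-read the strlen hits describe. The program below is an added example written for this page, not xsoldier's code or part of the Flawfinder output. It assumes a 32-byte name field (inferred from the `%31s` width; the real `sizeof(rec[i].name)` is not shown in the report), uses the same `sscanf` format as score.c:70, and puts the flagged `strncpy` pattern next to a `snprintf` copy that always terminates. The sample score lines are constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Assumed field size: the report shows "%31s" being parsed into `name`,
 * which is only safe for a destination of at least 32 bytes. The actual
 * sizeof(rec[i].name) in xsoldier is not visible in the report. */
#define NAME_LEN 32

/* %Ns stores up to N characters plus a terminating NUL, so the width must
 * be NAME_LEN - 1. "%32s" here would be a one-byte stack/struct overflow. */
#define SCORE_FMT "%d %d %d %31s"

/* Parse one "score loop stage name" record, as score.c:70 does.
 * `name` must point to at least NAME_LEN bytes. Returns true on success. */
bool parse_score_line(const char *buff, int *score, int *loop, int *stage,
                      char name[NAME_LEN])
{
    return sscanf(buff, SCORE_FMT, score, loop, stage, name) == 4;
}

/* The pattern flagged at score.c:85/196/206: strncpy bounded by the full
 * destination size. If src is NAME_LEN chars or longer, strncpy fills all
 * NAME_LEN bytes and writes no NUL, so dst is no longer a C string.
 * Returns true only if dst ended up NUL-terminated. */
bool copy_name_strncpy(char dst[NAME_LEN], const char *src)
{
    strncpy(dst, src, NAME_LEN);
    return memchr(dst, '\0', NAME_LEN) != NULL;
}

/* Hardened copy: snprintf writes at most NAME_LEN bytes and always
 * terminates (for NAME_LEN > 0). Returns how many source characters were
 * dropped by truncation, 0 if src fitted. */
size_t copy_name_safe(char dst[NAME_LEN], const char *src)
{
    int needed = snprintf(dst, NAME_LEN, "%s", src);
    return needed >= NAME_LEN ? (size_t)needed - (NAME_LEN - 1) : 0;
}

int main(void)
{
    /* Constructed sample records, not taken from a real xsoldier score file. */
    const char *ok_line   = "120000 2 5 PLAYER_ONE";
    const char *long_line = "9999 1 1 "
                            "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA" "AAAAAAAAAA"; /* 40 A's */
    int score, loop, stage;
    char name[NAME_LEN];
    char rec_name[NAME_LEN];

    if (parse_score_line(ok_line, &score, &loop, &stage, name))
        printf("parsed: %d %d %d '%s'\n", score, loop, stage, name);

    /* The 40-character token is truncated to 31 characters, not overflowed. */
    if (parse_score_line(long_line, &score, &loop, &stage, name))
        printf("long name truncated to %zu chars\n", strlen(name));

    /* A 32-character source (one that %31s can never produce, but another
     * code path might) defeats the strncpy pattern: no terminator. */
    char thirty_two[NAME_LEN + 1];
    memset(thirty_two, 'B', NAME_LEN);
    thirty_two[NAME_LEN] = '\0';
    printf("strncpy left dst terminated: %s\n",
           copy_name_strncpy(rec_name, thirty_two) ? "yes" : "no");
    printf("snprintf dropped %zu char(s), result '%s'\n",
           copy_name_safe(rec_name, thirty_two), rec_name);
    return 0;
}
```

The check to make when triaging these hits is therefore mechanical: confirm that the `%31s` width is `sizeof(name) - 1` for the buffer it targets, and that every buffer reached by `strncpy` with a full-size bound is either explicitly terminated afterwards (`dst[sizeof dst - 1] = '\0'`) or, better, copied with `snprintf` or `strlcpy` as the report suggests.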