Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/black-box-1.4.8/src/SFont.c
Examining data/black-box-1.4.8/src/SFont.h
Examining data/black-box-1.4.8/src/blackbox.c
FINAL RESULTS:
data/black-box-1.4.8/src/SFont.c:214:7: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text,"%s%c",text,ch);
data/black-box-1.4.8/src/blackbox.c:124:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/gfx/%s",DATAPATH,datafile);
data/black-box-1.4.8/src/blackbox.c:127:5: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(DATAPATH,PATH[i]);
data/black-box-1.4.8/src/blackbox.c:128:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(filename,"%s/gfx/%s",DATAPATH,datafile);
data/black-box-1.4.8/src/blackbox.c:893:5: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text,"%s/sound/ein1.mod",DATAPATH);
data/black-box-1.4.8/src/blackbox.c:911:3: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(text,"%s/font.scl",DATAPATH);
data/black-box-1.4.8/src/blackbox.c:575:5: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(level_num);
data/black-box-1.4.8/src/blackbox.c:50:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[80];
data/black-box-1.4.8/src/blackbox.c:51:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char xline[9];
data/black-box-1.4.8/src/blackbox.c:52:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char yline[11];
data/black-box-1.4.8/src/blackbox.c:53:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char think[12][9];
data/black-box-1.4.8/src/blackbox.c:54:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char light[11][9];
data/black-box-1.4.8/src/blackbox.c:55:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char real[12][9];
data/black-box-1.4.8/src/blackbox.c:58:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char DATAPATH[200]=DATADIR;
data/black-box-1.4.8/src/blackbox.c:59:7: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
const char PATH[PATHNUM][200]={DATADIR,".","data","../data",DATADIR};
data/black-box-1.4.8/src/blackbox.c:121:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[200];
data/black-box-1.4.8/src/blackbox.c:202:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text,"demo%d.gif",i+1);
data/black-box-1.4.8/src/blackbox.c:231:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[100];
data/black-box-1.4.8/src/blackbox.c:239:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text,"Level %d",level_num);
data/black-box-1.4.8/src/blackbox.c:257:22: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
{i++;level_num=atoi(argv[i])%100000;printf("starting with level #%d\n",level_num);LevelGiven=1;} else
data/black-box-1.4.8/src/blackbox.c:399:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
output calc_out(char map[12][9],int x,int y,int dir)
data/black-box-1.4.8/src/blackbox.c:597:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text,"Black-Box: Level #%d",level_num);
data/black-box-1.4.8/src/blackbox.c:617:3: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char text[30];
data/black-box-1.4.8/src/blackbox.c:619:3: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(text,"%d",numb);
data/black-box-1.4.8/src/SFont.c:211:20: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if ((ch=='\b')&&(strlen(text)>0))
data/black-box-1.4.8/src/SFont.c:212:12: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text[strlen(text)-1]='\0';
data/black-box-1.4.8/src/SFont.c:215:53: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if (TextWidth2(Font,text)>PixelWidth) text[strlen(text)-1]='\0';
data/black-box-1.4.8/src/SFont.c:240:10: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
text[strlen(text)]='\0';
ANALYSIS SUMMARY:
Hits = 28
Lines analyzed = 1257 in approximately 0.05 seconds (27230 lines/second)
Physical Source Lines of Code (SLOC) = 1035
Hits@level = [0] 18 [1] 4 [2] 17 [3] 1 [4] 6 [5] 0
Hits@level+ = [0+] 46 [1+] 28 [2+] 24 [3+] 7 [4+] 6 [5+] 0
Hits/KSLOC@level+ = [0+] 44.4444 [1+] 27.0531 [2+] 23.1884 [3+] 6.76329 [4+] 5.7971 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.