Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/empire-1.15/attack.c
Examining data/empire-1.15/compmove.c
Examining data/empire-1.15/data.c
Examining data/empire-1.15/display.c
Examining data/empire-1.15/edit.c
Examining data/empire-1.15/empire.c
Examining data/empire-1.15/empire.h
Examining data/empire-1.15/extern.h
Examining data/empire-1.15/game.c
Examining data/empire-1.15/main.c
Examining data/empire-1.15/map.c
Examining data/empire-1.15/math.c
Examining data/empire-1.15/object.c
Examining data/empire-1.15/term.c
Examining data/empire-1.15/usermove.c
Examining data/empire-1.15/util.c

FINAL RESULTS:

data/empire-1.15/display.c:716:5: [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
  vsprintf(junkbuf, str, ap);
data/empire-1.15/edit.c:571:13: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf (temp_buf, "%c:%s; ",
data/empire-1.15/edit.c:578:9: [4] (buffer) strcat:
  Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused).
  (void) strcat (func_buf, temp_buf);
data/empire-1.15/edit.c:581:12: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf (junk_buf2,
data/empire-1.15/object.c:473:17: [4] (format) sprintf:
  Potential format string problem (CWE-134). Make format string constant.
  else (void) sprintf (func, func_name[FUNCI(obj->func)]);
data/empire-1.15/term.c:66:5: [4] (format) vsnprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  vsnprintf(junkbuf, sizeof(junkbuf), fmt, varglist);
data/empire-1.15/term.c:198:5: [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  vfprintf(my_stream, fmt, varglist);
data/empire-1.15/usermove.c:945:9: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf (jnkbuf, "Your %s broke up on shore.",
data/empire-1.15/util.c:33:12: [4] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf.
  (void) sprintf (buf, "assert failed: file %s line %d: %s",
data/empire-1.15/main.c:55:17: [3] (buffer) getopt:
  Some older implementations do not protect against internal buffer overflows (CWE-120, CWE-20). Check implementation on installation, or limit the size of all string inputs.
  while ((c = getopt (argc, argv, OPTFLAGS)) != EOF) {
data/empire-1.15/math.c:30:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srand((unsigned)(time(0) & 0xFFFF));
data/empire-1.15/attack.c:142:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STRSIZE];
data/empire-1.15/attack.c:143:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf2[STRSIZE];
data/empire-1.15/compmove.c:51:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy (emap, comp_map, MAP_SIZE * sizeof (view_map_t));
data/empire-1.15/compmove.c:589:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy (xmap, vmap, sizeof (view_map_t) * MAP_SIZE);
data/empire-1.15/compmove.c:637:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy (xmap, vmap, sizeof (view_map_t) * MAP_SIZE);
data/empire-1.15/compmove.c:684:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy (xmap, vmap, sizeof (view_map_t) * MAP_SIZE);
data/empire-1.15/compmove.c:874:13: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy (amap, comp_map, MAP_SIZE * sizeof (view_map_t));
data/empire-1.15/compmove.c:955:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy (amap, comp_map, MAP_SIZE * sizeof (view_map_t));
data/empire-1.15/display.c:300:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (jnkbuf, "Sector %d Round %ld", sector, date);
data/empire-1.15/display.c:712:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char junkbuf[STRSIZE];
data/empire-1.15/edit.c:540:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char func_buf[STRSIZE];
data/empire-1.15/edit.c:541:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char temp_buf[STRSIZE];
data/empire-1.15/edit.c:542:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char junk_buf2[STRSIZE];
data/empire-1.15/edit.c:557:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (jnkbuf, "1 fighter landed, 1 ship docked");
data/empire-1.15/edit.c:559:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (jnkbuf, "1 fighter landed, %d ships docked", s);
data/empire-1.15/edit.c:561:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (jnkbuf, "%d fighters landed, 1 ship docked", f);
data/empire-1.15/edit.c:563:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (jnkbuf, "%d fighters landed, %d ships docked", f, s);
data/empire-1.15/edit.c:574:14: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  else (void) sprintf (temp_buf, "%c: %d;",
data/empire-1.15/empire.c:298:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char line[MAP_HEIGHT+2];
data/empire-1.15/empire.c:303:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (jnkbuf, "w");
data/empire-1.15/empire.h:176:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char name[20]; /* eg "aircraft carrier" */
data/empire-1.15/empire.h:177:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char nickname[20]; /* eg "carrier" */
data/empire-1.15/empire.h:178:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char article[20]; /* eg "an aircraft carrier" */
data/empire-1.15/empire.h:179:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char plural[20]; /* eg "aircraft carriers" */
data/empire-1.15/empire.h:180:2: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char terrain[4]; /* terrain piece can pass over eg "." */
data/empire-1.15/extern.h:81:1: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char jnkbuf[STRSIZE]; /* general purpose temporary buffer */
data/empire-1.15/game.c:319:12: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (jnkbuf,
data/empire-1.15/game.c:516:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char buf[32];
data/empire-1.15/game.c:522:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (savefile, "w"); /* open for output */
data/empire-1.15/game.c:566:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen (savefile, "r"); /* open for input */
data/empire-1.15/game.c:727:8: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char mapbuf[MAP_SIZE];
data/empire-1.15/game.c:736:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen ("empmovie.dat", "a"); /* open for append */
data/empire-1.15/game.c:772:9: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  f = fopen ("empmovie.dat", "r"); /* open for input */
data/empire-1.15/main.c:58:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  wflg = atoi (optarg);
data/empire-1.15/main.c:61:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  sflg = atoi (optarg);
data/empire-1.15/main.c:64:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  dflg = atoi (optarg);
data/empire-1.15/main.c:67:13: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  Sflg = atoi (optarg);
data/empire-1.15/map.c:497:12: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy ((char *)pmap, (char *)pmap_init, sizeof (pmap_init));
data/empire-1.15/object.c:469:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char func[STRSIZE];
data/empire-1.15/object.c:470:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char other[STRSIZE];
data/empire-1.15/object.c:472:32: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  if (obj->func >= 0) (void) sprintf (func, "%d", loc_disp(obj->func));
data/empire-1.15/object.c:479:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (other,"; range = %d",obj->range);
data/empire-1.15/object.c:483:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (other,"; armies = %d",obj->count);
data/empire-1.15/object.c:487:9: [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length.
  (void) sprintf (other,"; fighters = %d",obj->count);
data/empire-1.15/term.c:61:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char junkbuf[STRSIZE];
data/empire-1.15/term.c:193:20: [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  if(!(my_stream=fopen("info_list.txt","a")))
data/empire-1.15/term.c:265:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STRSIZE];
data/empire-1.15/term.c:281:19: [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended).
  else return (atoi (buf));
data/empire-1.15/usermove.c:311:9: [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  (void) memcpy (amap, user_map, sizeof (view_map_t) * MAP_SIZE);
data/empire-1.15/util.c:28:5: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[STRSIZE];
data/empire-1.15/map.c:1053:11: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  len = strlen (adj_char);

ANALYSIS SUMMARY:

Hits = 62
Lines analyzed = 8392 in approximately 0.28 seconds (30282 lines/second)
Physical Source Lines of Code (SLOC) = 5346
Hits@level = [0] 8 [1] 1 [2] 50 [3] 2 [4] 9 [5] 0
Hits@level+ = [0+] 70 [1+] 62 [2+] 61 [3+] 11 [4+] 9 [5+] 0
Hits/KSLOC@level+ = [0+] 13.0939 [1+] 11.5975 [2+] 11.4104 [3+] 2.05761 [4+] 1.6835 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.