Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/enemylines7-0.6/block/blockinfo.cc
Examining data/enemylines7-0.6/block/blockinfo.h
Examining data/enemylines7-0.6/block/block.cc
Examining data/enemylines7-0.6/block/block.h
Examining data/enemylines7-0.6/block/cacher.cc
Examining data/enemylines7-0.6/block/cacher.h
Examining data/enemylines7-0.6/block/collider.cc
Examining data/enemylines7-0.6/block/collider.h
Examining data/enemylines7-0.6/block/cube.cc
Examining data/enemylines7-0.6/block/cube.h
Examining data/enemylines7-0.6/block/debugger.cc
Examining data/enemylines7-0.6/block/debugger.h
Examining data/enemylines7-0.6/block/destructor.cc
Examining data/enemylines7-0.6/block/destructor.h
Examining data/enemylines7-0.6/block/infostack.cc
Examining data/enemylines7-0.6/block/infostack.h
Examining data/enemylines7-0.6/block/map2.cc
Examining data/enemylines7-0.6/block/map2.h
Examining data/enemylines7-0.6/block/merger.cc
Examining data/enemylines7-0.6/block/merger.h
Examining data/enemylines7-0.6/block/painter3.cc
Examining data/enemylines7-0.6/block/painter3.h
Examining data/enemylines7-0.6/block/painter6.cc
Examining data/enemylines7-0.6/block/painter6.h
Examining data/enemylines7-0.6/block/selector2.cc
Examining data/enemylines7-0.6/block/selector2.h
Examining data/enemylines7-0.6/block/material.cc
Examining data/enemylines7-0.6/block/material.h
Examining data/enemylines7-0.6/models/biosphere.cc
Examining data/enemylines7-0.6/models/bomb.cc
Examining data/enemylines7-0.6/models/bunker.cc
Examining data/enemylines7-0.6/models/displaylists.cc
Examining data/enemylines7-0.6/models/plane1.cc
Examining data/enemylines7-0.6/models/plane2.cc
Examining data/enemylines7-0.6/models/slope1_1.cc
Examining data/enemylines7-0.6/models/slope1_2.cc
Examining data/enemylines7-0.6/models/slope1.cc
Examining data/enemylines7-0.6/models/slope2_1.cc
Examining data/enemylines7-0.6/models/slope2_2.cc
Examining data/enemylines7-0.6/models/slope3_1.cc
Examining data/enemylines7-0.6/models/slope3_2.cc
Examining data/enemylines7-0.6/models/slope4_1.cc
Examining data/enemylines7-0.6/models/slope4_2.cc
Examining data/enemylines7-0.6/models/sphere.cc
Examining data/enemylines7-0.6/models/station.cc
Examining data/enemylines7-0.6/models/tower.cc
Examining data/enemylines7-0.6/models/all.h
Examining data/enemylines7-0.6/models/biosphere.h
Examining data/enemylines7-0.6/models/bomb.h
Examining data/enemylines7-0.6/models/bunker.h
Examining data/enemylines7-0.6/models/displaylists.h
Examining data/enemylines7-0.6/models/plane1.h
Examining data/enemylines7-0.6/models/plane2.h
Examining data/enemylines7-0.6/models/slope1_1.h
Examining data/enemylines7-0.6/models/slope1_2.h
Examining data/enemylines7-0.6/models/slope1.h
Examining data/enemylines7-0.6/models/slope2_1.h
Examining data/enemylines7-0.6/models/slope2_2.h
Examining data/enemylines7-0.6/models/slope3_1.h
Examining data/enemylines7-0.6/models/slope3_2.h
Examining data/enemylines7-0.6/models/slope4_1.h
Examining data/enemylines7-0.6/models/slope4_2.h
Examining data/enemylines7-0.6/models/sphere.h
Examining data/enemylines7-0.6/models/station.h
Examining data/enemylines7-0.6/models/tower.h
Examining data/enemylines7-0.6/tweak/tweak_release.cc
Examining data/enemylines7-0.6/tweak/tweak_release.h
Examining data/enemylines7-0.6/tweak/tweak.h
Examining data/enemylines7-0.6/math/frustum.cc
Examining data/enemylines7-0.6/math/quaternion.cc
Examining data/enemylines7-0.6/math/box3_tpl.h
Examining data/enemylines7-0.6/math/c4_tpl.h
Examining data/enemylines7-0.6/math/frustum.h
Examining data/enemylines7-0.6/math/matrix4_tpl.h
Examining data/enemylines7-0.6/math/mymath.h
Examining data/enemylines7-0.6/math/quaternion.h
Examining data/enemylines7-0.6/math/c3_tpl.h
Examining data/enemylines7-0.6/elements/energy.cc
Examining data/enemylines7-0.6/elements/energy.h
Examining data/enemylines7-0.6/elements/interval.cc
Examining data/enemylines7-0.6/elements/interval.h
Examining data/enemylines7-0.6/elements/score.cc
Examining data/enemylines7-0.6/elements/score.h
Examining data/enemylines7-0.6/elements/difficulty.cc
Examining data/enemylines7-0.6/elements/difficulty.h
Examining data/enemylines7-0.6/elements/timeleft.cc
Examining data/enemylines7-0.6/elements/timeleft.h
Examining data/enemylines7-0.6/audio.cc
Examining data/enemylines7-0.6/config.cc
Examining data/enemylines7-0.6/container.cc
Examining data/enemylines7-0.6/entity.cc
Examining data/enemylines7-0.6/floor.cc
Examining data/enemylines7-0.6/font_data.cc
Examining data/enemylines7-0.6/font_ogl.cc
Examining data/enemylines7-0.6/formation.cc
Examining data/enemylines7-0.6/game.cc
Examining data/enemylines7-0.6/help.cc
Examining data/enemylines7-0.6/light.cc
Examining data/enemylines7-0.6/menu.cc
Examining data/enemylines7-0.6/position.cc
Examining data/enemylines7-0.6/radio.cc
Examining data/enemylines7-0.6/skybox.cc
Examining data/enemylines7-0.6/tex.cc
Examining data/enemylines7-0.6/util.cc
Examining data/enemylines7-0.6/audio.h
Examining data/enemylines7-0.6/config.h
Examining data/enemylines7-0.6/container.h
Examining data/enemylines7-0.6/coordinate.h
Examining data/enemylines7-0.6/entity.h
Examining data/enemylines7-0.6/entitytype.h
Examining data/enemylines7-0.6/floor.h
Examining data/enemylines7-0.6/font_data.h
Examining data/enemylines7-0.6/font_ogl.h
Examining data/enemylines7-0.6/formation.h
Examining data/enemylines7-0.6/game.h
Examining data/enemylines7-0.6/help.h
Examining data/enemylines7-0.6/light.h
Examining data/enemylines7-0.6/menu.h
Examining data/enemylines7-0.6/position.h
Examining data/enemylines7-0.6/radio.h
Examining data/enemylines7-0.6/random.h
Examining data/enemylines7-0.6/release.h
Examining data/enemylines7-0.6/skybox.h
Examining data/enemylines7-0.6/tex.h
Examining data/enemylines7-0.6/util.h
Examining data/enemylines7-0.6/random.cc
Examining data/enemylines7-0.6/main.cc

FINAL RESULTS:

data/enemylines7-0.6/random.cc:23:2: [3] (random) srand:
  This function is not sufficiently random for security-related functions such
  as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
  srand(s);
data/enemylines7-0.6/block/block.cc:83:6: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  of.open(filename.c_str());
data/enemylines7-0.6/block/block.cc:92:9: [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
  ifstr.open(filename.c_str());
data/enemylines7-0.6/font_data.cc:8:15: [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
  static const char * font_all[94][14]= {
data/enemylines7-0.6/font_ogl.cc:129:25: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  glTranslatef(-(float)(strlen(text)*dx()/2),-(float)(dy()/2),0);
data/enemylines7-0.6/font_ogl.cc:132:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (unsigned int i=0;i<strlen(text);i++) {
data/enemylines7-0.6/font_ogl.cc:148:26: [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (unsigned int i=0;i<strlen(text);i++) {

ANALYSIS SUMMARY:

Hits = 7
Lines analyzed = 23942 in approximately 0.57 seconds (41775 lines/second)
Physical Source Lines of Code (SLOC) = 21756
Hits@level = [0] 0 [1] 3 [2] 3 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 7 [1+] 7 [2+] 4 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.32175 [1+] 0.32175 [2+] 0.183857 [3+] 0.0459643 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.