Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/enemylines7-0.6/block/blockinfo.cc
Examining data/enemylines7-0.6/block/blockinfo.h
Examining data/enemylines7-0.6/block/block.cc
Examining data/enemylines7-0.6/block/block.h
Examining data/enemylines7-0.6/block/cacher.cc
Examining data/enemylines7-0.6/block/cacher.h
Examining data/enemylines7-0.6/block/collider.cc
Examining data/enemylines7-0.6/block/collider.h
Examining data/enemylines7-0.6/block/cube.cc
Examining data/enemylines7-0.6/block/cube.h
Examining data/enemylines7-0.6/block/debugger.cc
Examining data/enemylines7-0.6/block/debugger.h
Examining data/enemylines7-0.6/block/destructor.cc
Examining data/enemylines7-0.6/block/destructor.h
Examining data/enemylines7-0.6/block/infostack.cc
Examining data/enemylines7-0.6/block/infostack.h
Examining data/enemylines7-0.6/block/map2.cc
Examining data/enemylines7-0.6/block/map2.h
Examining data/enemylines7-0.6/block/merger.cc
Examining data/enemylines7-0.6/block/merger.h
Examining data/enemylines7-0.6/block/painter3.cc
Examining data/enemylines7-0.6/block/painter3.h
Examining data/enemylines7-0.6/block/painter6.cc
Examining data/enemylines7-0.6/block/painter6.h
Examining data/enemylines7-0.6/block/selector2.cc
Examining data/enemylines7-0.6/block/selector2.h
Examining data/enemylines7-0.6/block/material.cc
Examining data/enemylines7-0.6/block/material.h
Examining data/enemylines7-0.6/models/biosphere.cc
Examining data/enemylines7-0.6/models/bomb.cc
Examining data/enemylines7-0.6/models/bunker.cc
Examining data/enemylines7-0.6/models/displaylists.cc
Examining data/enemylines7-0.6/models/plane1.cc
Examining data/enemylines7-0.6/models/plane2.cc
Examining data/enemylines7-0.6/models/slope1_1.cc
Examining data/enemylines7-0.6/models/slope1_2.cc
Examining data/enemylines7-0.6/models/slope1.cc
Examining data/enemylines7-0.6/models/slope2_1.cc
Examining data/enemylines7-0.6/models/slope2_2.cc
Examining data/enemylines7-0.6/models/slope3_1.cc
Examining data/enemylines7-0.6/models/slope3_2.cc
Examining data/enemylines7-0.6/models/slope4_1.cc
Examining data/enemylines7-0.6/models/slope4_2.cc
Examining data/enemylines7-0.6/models/sphere.cc
Examining data/enemylines7-0.6/models/station.cc
Examining data/enemylines7-0.6/models/tower.cc
Examining data/enemylines7-0.6/models/all.h
Examining data/enemylines7-0.6/models/biosphere.h
Examining data/enemylines7-0.6/models/bomb.h
Examining data/enemylines7-0.6/models/bunker.h
Examining data/enemylines7-0.6/models/displaylists.h
Examining data/enemylines7-0.6/models/plane1.h
Examining data/enemylines7-0.6/models/plane2.h
Examining data/enemylines7-0.6/models/slope1_1.h
Examining data/enemylines7-0.6/models/slope1_2.h
Examining data/enemylines7-0.6/models/slope1.h
Examining data/enemylines7-0.6/models/slope2_1.h
Examining data/enemylines7-0.6/models/slope2_2.h
Examining data/enemylines7-0.6/models/slope3_1.h
Examining data/enemylines7-0.6/models/slope3_2.h
Examining data/enemylines7-0.6/models/slope4_1.h
Examining data/enemylines7-0.6/models/slope4_2.h
Examining data/enemylines7-0.6/models/sphere.h
Examining data/enemylines7-0.6/models/station.h
Examining data/enemylines7-0.6/models/tower.h
Examining data/enemylines7-0.6/tweak/tweak_release.cc
Examining data/enemylines7-0.6/tweak/tweak_release.h
Examining data/enemylines7-0.6/tweak/tweak.h
Examining data/enemylines7-0.6/math/frustum.cc
Examining data/enemylines7-0.6/math/quaternion.cc
Examining data/enemylines7-0.6/math/box3_tpl.h
Examining data/enemylines7-0.6/math/c4_tpl.h
Examining data/enemylines7-0.6/math/frustum.h
Examining data/enemylines7-0.6/math/matrix4_tpl.h
Examining data/enemylines7-0.6/math/mymath.h
Examining data/enemylines7-0.6/math/quaternion.h
Examining data/enemylines7-0.6/math/c3_tpl.h
Examining data/enemylines7-0.6/elements/energy.cc
Examining data/enemylines7-0.6/elements/energy.h
Examining data/enemylines7-0.6/elements/interval.cc
Examining data/enemylines7-0.6/elements/interval.h
Examining data/enemylines7-0.6/elements/score.cc
Examining data/enemylines7-0.6/elements/score.h
Examining data/enemylines7-0.6/elements/difficulty.cc
Examining data/enemylines7-0.6/elements/difficulty.h
Examining data/enemylines7-0.6/elements/timeleft.cc
Examining data/enemylines7-0.6/elements/timeleft.h
Examining data/enemylines7-0.6/audio.cc
Examining data/enemylines7-0.6/config.cc
Examining data/enemylines7-0.6/container.cc
Examining data/enemylines7-0.6/entity.cc
Examining data/enemylines7-0.6/floor.cc
Examining data/enemylines7-0.6/font_data.cc
Examining data/enemylines7-0.6/font_ogl.cc
Examining data/enemylines7-0.6/formation.cc
Examining data/enemylines7-0.6/game.cc
Examining data/enemylines7-0.6/help.cc
Examining data/enemylines7-0.6/light.cc
Examining data/enemylines7-0.6/menu.cc
Examining data/enemylines7-0.6/position.cc
Examining data/enemylines7-0.6/radio.cc
Examining data/enemylines7-0.6/skybox.cc
Examining data/enemylines7-0.6/tex.cc
Examining data/enemylines7-0.6/util.cc
Examining data/enemylines7-0.6/audio.h
Examining data/enemylines7-0.6/config.h
Examining data/enemylines7-0.6/container.h
Examining data/enemylines7-0.6/coordinate.h
Examining data/enemylines7-0.6/entity.h
Examining data/enemylines7-0.6/entitytype.h
Examining data/enemylines7-0.6/floor.h
Examining data/enemylines7-0.6/font_data.h
Examining data/enemylines7-0.6/font_ogl.h
Examining data/enemylines7-0.6/formation.h
Examining data/enemylines7-0.6/game.h
Examining data/enemylines7-0.6/help.h
Examining data/enemylines7-0.6/light.h
Examining data/enemylines7-0.6/menu.h
Examining data/enemylines7-0.6/position.h
Examining data/enemylines7-0.6/radio.h
Examining data/enemylines7-0.6/random.h
Examining data/enemylines7-0.6/release.h
Examining data/enemylines7-0.6/skybox.h
Examining data/enemylines7-0.6/tex.h
Examining data/enemylines7-0.6/util.h
Examining data/enemylines7-0.6/random.cc
Examining data/enemylines7-0.6/main.cc
FINAL RESULTS:
data/enemylines7-0.6/random.cc:23:2: [3] (random) srand:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
srand(s);
data/enemylines7-0.6/block/block.cc:83:6: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
of.open(filename.c_str());
data/enemylines7-0.6/block/block.cc:92:9: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
ifstr.open(filename.c_str());
data/enemylines7-0.6/font_data.cc:8:15: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static const char * font_all[94][14]= {
data/enemylines7-0.6/font_ogl.cc:129:25: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
glTranslatef(-(float)(strlen(text)*dx()/2),-(float)(dy()/2),0);
data/enemylines7-0.6/font_ogl.cc:132:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i=0;i<strlen(text);i++) {
data/enemylines7-0.6/font_ogl.cc:148:26: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (unsigned int i=0;i<strlen(text);i++) {
ANALYSIS SUMMARY:
Hits = 7
Lines analyzed = 23942 in approximately 0.57 seconds (41775 lines/second)
Physical Source Lines of Code (SLOC) = 21756
Hits@level = [0] 0 [1] 3 [2] 3 [3] 1 [4] 0 [5] 0
Hits@level+ = [0+] 7 [1+] 7 [2+] 4 [3+] 1 [4+] 0 [5+] 0
Hits/KSLOC@level+ = [0+] 0.32175 [1+] 0.32175 [2+] 0.183857 [3+] 0.0459643 [4+] 0 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.