Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/fruit-2.1.dfsg/src/pv.h
Examining data/fruit-2.1.dfsg/src/move_do.h
Examining data/fruit-2.1.dfsg/src/search_full.cpp
Examining data/fruit-2.1.dfsg/src/list.cpp
Examining data/fruit-2.1.dfsg/src/random.cpp
Examining data/fruit-2.1.dfsg/src/recog.h
Examining data/fruit-2.1.dfsg/src/attack.h
Examining data/fruit-2.1.dfsg/src/trans.cpp
Examining data/fruit-2.1.dfsg/src/vector.cpp
Examining data/fruit-2.1.dfsg/src/move_check.h
Examining data/fruit-2.1.dfsg/src/move_legal.cpp
Examining data/fruit-2.1.dfsg/src/fen.h
Examining data/fruit-2.1.dfsg/src/pst.h
Examining data/fruit-2.1.dfsg/src/see.h
Examining data/fruit-2.1.dfsg/src/sort.cpp
Examining data/fruit-2.1.dfsg/src/see.cpp
Examining data/fruit-2.1.dfsg/src/protocol.h
Examining data/fruit-2.1.dfsg/src/option.cpp
Examining data/fruit-2.1.dfsg/src/vector.h
Examining data/fruit-2.1.dfsg/src/fen.cpp
Examining data/fruit-2.1.dfsg/src/main.cpp
Examining data/fruit-2.1.dfsg/src/move_legal.h
Examining data/fruit-2.1.dfsg/src/square.cpp
Examining data/fruit-2.1.dfsg/src/recog.cpp
Examining data/fruit-2.1.dfsg/src/pawn.cpp
Examining data/fruit-2.1.dfsg/src/book.h
Examining data/fruit-2.1.dfsg/src/colour.h
Examining data/fruit-2.1.dfsg/src/posix.cpp
Examining data/fruit-2.1.dfsg/src/hash.cpp
Examining data/fruit-2.1.dfsg/src/eval.h
Examining data/fruit-2.1.dfsg/src/random.h
Examining data/fruit-2.1.dfsg/src/hash.h
Examining data/fruit-2.1.dfsg/src/move_gen.h
Examining data/fruit-2.1.dfsg/src/square.h
Examining data/fruit-2.1.dfsg/src/search.h
Examining data/fruit-2.1.dfsg/src/search_full.h
Examining data/fruit-2.1.dfsg/src/eval.cpp
Examining data/fruit-2.1.dfsg/src/move_check.cpp
Examining data/fruit-2.1.dfsg/src/move.cpp
Examining data/fruit-2.1.dfsg/src/trans.h
Examining data/fruit-2.1.dfsg/src/list.h
Examining data/fruit-2.1.dfsg/src/move_do.cpp
Examining data/fruit-2.1.dfsg/src/move.h
Examining data/fruit-2.1.dfsg/src/material.cpp
Examining data/fruit-2.1.dfsg/src/pawn.h
Examining data/fruit-2.1.dfsg/src/material.h
Examining data/fruit-2.1.dfsg/src/value.h
Examining data/fruit-2.1.dfsg/src/pv.cpp
Examining data/fruit-2.1.dfsg/src/value.cpp
Examining data/fruit-2.1.dfsg/src/move_gen.cpp
Examining data/fruit-2.1.dfsg/src/sort.h
Examining data/fruit-2.1.dfsg/src/util.h
Examining data/fruit-2.1.dfsg/src/search.cpp
Examining data/fruit-2.1.dfsg/src/attack.cpp
Examining data/fruit-2.1.dfsg/src/move_evasion.h
Examining data/fruit-2.1.dfsg/src/piece.cpp
Examining data/fruit-2.1.dfsg/src/piece.h
Examining data/fruit-2.1.dfsg/src/option.h
Examining data/fruit-2.1.dfsg/src/board.h
Examining data/fruit-2.1.dfsg/src/book.cpp
Examining data/fruit-2.1.dfsg/src/board.cpp
Examining data/fruit-2.1.dfsg/src/move_evasion.cpp
Examining data/fruit-2.1.dfsg/src/posix.h
Examining data/fruit-2.1.dfsg/src/util.cpp
Examining data/fruit-2.1.dfsg/src/pst.cpp
Examining data/fruit-2.1.dfsg/src/protocol.cpp

FINAL RESULTS:

data/fruit-2.1.dfsg/src/move.cpp:127:7:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
      strcpy(string,NullMoveString);
data/fruit-2.1.dfsg/src/protocol.cpp:599:4:  [4] (format) vsprintf:
  Potential format string problem (CWE-134). Make format string constant.
   vsprintf(string,format,arg_list);
data/fruit-2.1.dfsg/src/util.cpp:54:4:  [4] (buffer) sscanf:
  The scanf() family's %s operation, without a limit specification, permits
  buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
  different input function. If the scanf format is influenceable by an
  attacker, it's exploitable.
   sscanf(string,S64_FORMAT,&n);
data/fruit-2.1.dfsg/src/util.cpp:98:4:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
   vfprintf(stderr,format,ap);
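The two format hits above (protocol.cpp:599 vsprintf and util.cpp:98 vfprintf) fire on wrapper functions that forward a caller's format string, so the CWE-134 question is whether any call site passes non-constant text as the format. flawfinder cannot answer that; a compiler with -Wformat -Wformat-security can, once the wrapper carries a printf-style attribute. Separately, vsprintf is unbounded: the report shows a char string[4096] declared at protocol.cpp:594, five lines above the vsprintf at 599, so a message longer than 4095 characters would run past it. The C example below is added here and is not taken from the Fruit sources; it shows the bounded, compiler-checked shape of such a wrapper. The function names and the UCI-style sample strings are this example's own.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Tell gcc/clang that argument 3 is a printf-style format consumed by the
 * variadic arguments from position 4 on. The compiler then type-checks every
 * call site and, with -Wformat-security, warns when a non-literal format is
 * passed: that is the CWE-134 check flawfinder cannot perform itself. */
#if defined(__GNUC__) || defined(__clang__)
#define PRINTF_LIKE(fmt_idx, arg_idx) __attribute__((format(printf, fmt_idx, arg_idx)))
#else
#define PRINTF_LIKE(fmt_idx, arg_idx)
#endif

/* Bounded replacement for the vsprintf(string, format, arg_list) shape.
 * Returns the length the full message would have had (excluding the NUL),
 * so a result >= size means the output was truncated; dst is always
 * NUL-terminated when size > 0. */
PRINTF_LIKE(3, 4)
static int format_bounded(char *dst, size_t size, const char *format, ...)
{
    va_list ap;
    int needed;

    va_start(ap, format);
    needed = vsnprintf(dst, size, format, ap);
    va_end(ap);

    if (needed < 0 && size > 0) {
        dst[0] = '\0';          /* encoding error: never leave garbage behind */
    }
    return needed;
}

/* Untrusted text (here: something echoed back from a GUI command) is passed
 * as an argument to a constant format, never as the format itself. */
static int echo_untrusted(char *dst, size_t size, const char *untrusted)
{
    return format_bounded(dst, size, "info string %s", untrusted);
}

int main(void)
{
    char line[16];                              /* deliberately small */
    int needed;

    needed = format_bounded(line, sizeof line, "bestmove %s", "e2e4");
    printf("%s (needed %d, fits: %s)\n", line, needed,
           needed < (int)sizeof line ? "yes" : "no");

    needed = format_bounded(line, sizeof line, "info depth %d score cp %d", 20, 35);
    printf("%s (needed %d, fits: %s)\n", line, needed,
           needed < (int)sizeof line ? "yes" : "no");

    /* The %n sequences are printed literally; with vsprintf(line, untrusted)
     * they would have been interpreted as format directives. */
    needed = echo_untrusted(line, sizeof line, "%n%n");
    printf("%s (needed %d)\n", line, needed);
    return 0;
}
```

The return value is the same one vsnprintf gives, so a caller that must not truncate (a bestmove line, for instance) can compare it against the buffer size and fail the command rather than silently send a cut-off string.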
data/fruit-2.1.dfsg/src/util.cpp:170:4:  [4] (buffer) strcpy:
  Does not check for buffer overflows when copying to destination [MS-banned]
  (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
  easily misused).
   strcpy(address,string);
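Of the two strcpy hits, util.cpp:170 copies into a buffer that the preceding line (util.cpp:169, reported further down as a strlen hit) allocated as strlen(string)+1 bytes, so it is correct by construction; flawfinder flags it only because it cannot relate the two lines. move.cpp:127 copies NullMoveString into a caller-supplied string whose capacity the report does not show, which is exactly the case where a bounded copy earns its keep. The C example below is added here and is not Fruit code. It shows both shapes: a duplicate that keeps the size invariant inside one function, and a bounded copy that reports truncation instead of overflowing. The value "0000" for NullMoveString is an assumption; the report shows only the identifier.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Copy src into dst, which holds size bytes. Always NUL-terminates (when
 * size > 0) and returns false if src had to be truncated. This is the
 * contract strcpy lacks and strncpy gets wrong (strncpy may leave dst
 * unterminated and pads the remainder with zeros). */
static bool copy_bounded(char *dst, size_t size, const char *src)
{
    size_t len;

    if (size == 0) return false;
    len = strlen(src);
    if (len >= size) {
        memcpy(dst, src, size - 1);
        dst[size - 1] = '\0';
        return false;           /* truncated */
    }
    memcpy(dst, src, len + 1);  /* includes the terminator */
    return true;
}

/* The util.cpp:169-170 idiom (allocate strlen+1, then strcpy) is correct
 * because the destination is sized from the source. Keeping allocation and
 * copy in one function makes that invariant local, so neither a reviewer nor
 * a scanner has to relate two separate lines to see it. The caller frees. */
static char *string_dup(const char *src)
{
    size_t n = strlen(src) + 1;
    char *p = malloc(n);
    if (p == NULL) return NULL;
    memcpy(p, src, n);
    return p;
}

/* The move.cpp:127 shape: write a fixed token into a caller-supplied buffer.
 * "0000" is assumed for this example (the report shows only the identifier
 * NullMoveString). Passing the capacity means a buffer that is too small
 * fails loudly instead of being overrun. */
#define NULL_MOVE_STRING "0000"

static bool null_move_to_string(char *string, size_t size)
{
    return copy_bounded(string, size, NULL_MOVE_STRING);
}

int main(void)
{
    char roomy[8];
    char tight[3];
    char *copy;

    printf("%s -> %s\n", null_move_to_string(roomy, sizeof roomy) ? "ok" : "truncated", roomy);
    printf("%s -> %s\n", null_move_to_string(tight, sizeof tight) ? "ok" : "truncated", tight);
    copy = string_dup("e2e4");
    if (copy != NULL) {
        printf("dup: %s\n", copy);
        free(copy);
    }
    return 0;
}
```

The fixed-size array hits later in the report (move_string[256], pv_string[512] and the rest) are only meaningful together with the code that fills them; pairing each such buffer with a copy or format call that takes its sizeof is what turns those declarations from hits into non-issues.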
data/fruit-2.1.dfsg/src/util.cpp:32:4:  [3] (random) srand:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
   srand(time(NULL));
data/fruit-2.1.dfsg/src/book.cpp:55:15:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   BookFile = fopen(file_name,"rb");
data/fruit-2.1.dfsg/src/fen.cpp:181:20:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   board->ply_nb = atoi(&fen[pos]);
data/fruit-2.1.dfsg/src/fen.cpp:274:4:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
   sprintf(&fen[pos],"%d 1",board->ply_nb);
data/fruit-2.1.dfsg/src/move.cpp:151:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char tmp_string[3];
data/fruit-2.1.dfsg/src/option.cpp:152:11:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
   return atoi(val);
data/fruit-2.1.dfsg/src/pawn.cpp:274:49:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
   bool backward, candidate, doubled, isolated, open, passed;
data/fruit-2.1.dfsg/src/pawn.cpp:452:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (open) {
data/fruit-2.1.dfsg/src/pawn.cpp:462:17:  [2] (misc) open:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
            if (open) {
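The fopen hit at book.cpp:55 opens the opening-book path with fopen(file_name,"rb") and no check on what the path resolves to. The three pawn.cpp hits at 274, 452 and 462 are a different matter: they match a local bool named open (declared on the line shown for 274), not a call to open(2), and are false positives of the same rule. flawfinder's -F (--falsepositive) option, which only reports names followed by a parenthesis, or a "// Flawfinder: ignore" comment on the line, silences them. For the genuine fopen, the check a reviewer would want is below: an added C example, not Fruit code, that opens with O_NOFOLLOW and validates the already-open descriptor with fstat, so the check and the use cannot be separated by a swap of the file (the CWE-362 race the message describes). The function name and the /dev/null default in main are this example's own.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Open a data file (an opening book, say) for reading and hand back a FILE*,
 * refusing a symlink at the final path component and anything that is not a
 * regular file. The type check runs on the descriptor that is already open
 * (fstat, not stat), so there is no window between check and use in which
 * the file could be swapped. Returns NULL with errno set on failure. */
static FILE *fopen_regular(const char *path)
{
    int flags = O_RDONLY;
#ifdef O_CLOEXEC
    flags |= O_CLOEXEC;         /* do not leak the descriptor to children */
#endif
#ifdef O_NOFOLLOW
    flags |= O_NOFOLLOW;        /* refuse a symlink where the file should be */
#endif
    int fd = open(path, flags);
    if (fd < 0) return NULL;

    struct stat st;
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        errno = saved;
        return NULL;
    }
    if (!S_ISREG(st.st_mode)) { /* device, FIFO, directory: reject */
        close(fd);
        errno = EINVAL;
        return NULL;
    }
    FILE *f = fdopen(fd, "rb");
    if (f == NULL) {
        int saved = errno;
        close(fd);
        errno = saved;
    }
    return f;
}

int main(int argc, char **argv)
{
    /* With no argument this tries /dev/null, which is rejected because it is
     * a character device rather than a regular file. */
    const char *path = argc > 1 ? argv[1] : "/dev/null";
    FILE *f = fopen_regular(path);
    if (f == NULL) {
        perror(path);
        return 1;
    }
    printf("%s opened; first byte: %d\n", path, fgetc(f));
    fclose(f);
    return 0;
}
```

O_NOFOLLOW only covers the last path component; if the book directory itself can be controlled by another user, the ancestor checks the message mentions still apply, and the usual answer is to keep such files under a directory the engine's user owns.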
data/fruit-2.1.dfsg/src/piece.cpp:25:14:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
static const char PieceString[12+1] = "PpNnBbRrQqKk";
data/fruit-2.1.dfsg/src/protocol.cpp:118:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char string[65536];
data/fruit-2.1.dfsg/src/protocol.cpp:272:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         binc = double(atoi(ptr)) / 1000.0;
data/fruit-2.1.dfsg/src/protocol.cpp:280:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         btime = double(atoi(ptr)) / 1000.0;
data/fruit-2.1.dfsg/src/protocol.cpp:288:18:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         depth = atoi(ptr);
data/fruit-2.1.dfsg/src/protocol.cpp:300:17:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         mate = atoi(ptr);
data/fruit-2.1.dfsg/src/protocol.cpp:308:22:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         movestogo = atoi(ptr);
data/fruit-2.1.dfsg/src/protocol.cpp:316:28:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         movetime = double(atoi(ptr)) / 1000.0;
data/fruit-2.1.dfsg/src/protocol.cpp:340:24:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         winc = double(atoi(ptr)) / 1000.0;
data/fruit-2.1.dfsg/src/protocol.cpp:348:25:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
         wtime = double(atoi(ptr)) / 1000.0;
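The eight atoi hits above in protocol.cpp:272-348 parse the numeric fields of the UCI go command (wtime, btime, winc, binc, depth, mate, movestogo, movetime); fen.cpp:181 and option.cpp:152 do the same for the FEN move counter and option values. These strings come from the GUI over standard input, so they are untrusted in the CWE-190 sense: atoi returns 0 for garbage, and its behaviour on input outside the int range is undefined. The sscanf hit at util.cpp:54 is related: flawfinder flags every sscanf because it cannot expand the S64_FORMAT macro to see whether it contains an unbounded %s; judging by its name it is a 64-bit integer conversion, for which strtoll with the same checks as below is the drop-in replacement. The C example below is added here and is not Fruit code; the limits it enforces (MAX_DEPTH and the others) are illustrative assumptions, not values from the engine.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse one decimal token from untrusted protocol text. Succeeds only if the
 * token is a well-formed integer that fits in a long and lies within
 * [lo, hi]; on any failure *out is left untouched and false is returned.
 * atoi() can do none of this: it returns 0 for garbage and its behaviour on
 * values outside the int range is undefined. */
static bool parse_long_range(const char *s, long lo, long hi, long *out)
{
    char *end;
    long v;

    if (s == NULL || *s == '\0') return false;
    errno = 0;
    v = strtol(s, &end, 10);
    if (errno == ERANGE) return false;              /* magnitude exceeds long */
    if (end == s) return false;                     /* no digits consumed */
    if (*end != '\0' && *end != ' ') return false;  /* trailing junk; a following token is fine */
    if (v < lo || v > hi) return false;             /* outside the caller's expected range */
    *out = v;
    return true;
}

/* Illustrative limits for the UCI "go" fields flagged in protocol.cpp. These
 * numbers are assumptions made for this example, not values from Fruit. */
#define MAX_DEPTH      64L
#define MAX_MATE       128L
#define MAX_MOVESTOGO  1000L
#define MAX_TIME_MS    (24L * 60L * 60L * 1000L)   /* one day */

static bool parse_depth(const char *s, long *out)     { return parse_long_range(s, 1, MAX_DEPTH, out); }
static bool parse_mate(const char *s, long *out)      { return parse_long_range(s, 1, MAX_MATE, out); }
static bool parse_movestogo(const char *s, long *out) { return parse_long_range(s, 1, MAX_MOVESTOGO, out); }
static bool parse_time_ms(const char *s, long *out)   { return parse_long_range(s, 0, MAX_TIME_MS, out); }

/* The report's "double(atoi(ptr)) / 1000.0" shape, with validation before
 * the conversion so a rolled-over or absurd value never reaches the
 * time-management code. */
static bool parse_time_seconds(const char *s, double *seconds)
{
    long ms;
    if (!parse_time_ms(s, &ms)) return false;
    *seconds = (double)ms / 1000.0;
    return true;
}

int main(void)
{
    /* Constructed sample tokens, as they might follow "depth" in a go command. */
    const char *samples[] = { "12", "0", "999", "12abc", "-7", "99999999999999999999", NULL };
    long depth;
    double seconds;

    for (int i = 0; samples[i] != NULL; i++) {
        if (parse_depth(samples[i], &depth))
            printf("depth %-22s -> accepted as %ld\n", samples[i], depth);
        else
            printf("depth %-22s -> rejected (atoi would give %d)\n", samples[i], atoi(samples[i]));
    }
    if (parse_time_seconds("300000 winc 2000", &seconds))
        printf("wtime -> %.3f s\n", seconds);
    return 0;
}
```

Rejecting a field rather than clamping it is deliberate: a GUI that sends "go depth 12abc" has a bug, and a zero or a silently clamped value is harder to diagnose than an "unknown token" reply.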
data/fruit-2.1.dfsg/src/protocol.cpp:445:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char move_string[256];
data/fruit-2.1.dfsg/src/protocol.cpp:542:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char move_string[256];
data/fruit-2.1.dfsg/src/protocol.cpp:543:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char ponder_string[256];
data/fruit-2.1.dfsg/src/protocol.cpp:594:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char string[4096];
data/fruit-2.1.dfsg/src/search.cpp:285:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char move_string[256], pv_string[512];
data/fruit-2.1.dfsg/src/search.cpp:354:4:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
   char move_string[256];
data/fruit-2.1.dfsg/src/book.cpp:201:11:  [1] (buffer) fgetc:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
      b = fgetc(file);
data/fruit-2.1.dfsg/src/move.cpp:135:11:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   ASSERT(strlen(string)==4);
data/fruit-2.1.dfsg/src/pv.cpp:85:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
      pos += strlen(&string[pos]);
data/fruit-2.1.dfsg/src/util.cpp:169:33:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
   address = (char *) my_malloc(strlen(string)+1);

ANALYSIS SUMMARY:

Hits = 34
Lines analyzed = 15330 in approximately 0.30 seconds (51211 lines/second)
Physical Source Lines of Code (SLOC) = 8954
Hits@level = [0]   8 [1]   4 [2]  24 [3]   1 [4]   5 [5]   0
Hits@level+ = [0+]  42 [1+]  34 [2+]  30 [3+]   6 [4+]   5 [5+]   0
Hits/KSLOC@level+ = [0+] 4.69064 [1+] 3.79719 [2+] 3.35046 [3+] 0.670092 [4+] 0.55841 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.