Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gnushogi-1.5~git20140725/gnushogi/search.c
Examining data/gnushogi-1.5~git20140725/gnushogi/book.c
Examining data/gnushogi-1.5~git20140725/gnushogi/eval.h
Examining data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h
Examining data/gnushogi-1.5~git20140725/gnushogi/sizetest.c
Examining data/gnushogi-1.5~git20140725/gnushogi/opts.h
Examining data/gnushogi-1.5~git20140725/gnushogi/pattern.h
Examining data/gnushogi-1.5~git20140725/gnushogi/pattern.c
Examining data/gnushogi-1.5~git20140725/gnushogi/pattern-common.c
Examining data/gnushogi-1.5~git20140725/gnushogi/util.c
Examining data/gnushogi-1.5~git20140725/gnushogi/pat2inc.c
Examining data/gnushogi-1.5~git20140725/gnushogi/book.h
Examining data/gnushogi-1.5~git20140725/gnushogi/genmove.c
Examining data/gnushogi-1.5~git20140725/gnushogi/eval.c
Examining data/gnushogi-1.5~git20140725/gnushogi/globals.c
Examining data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c
Examining data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c
Examining data/gnushogi-1.5~git20140725/gnushogi/debug.h
Examining data/gnushogi-1.5~git20140725/gnushogi/tcontrl.c
Examining data/gnushogi-1.5~git20140725/gnushogi/makepattern.c
Examining data/gnushogi-1.5~git20140725/gnushogi/init.c
Examining data/gnushogi-1.5~git20140725/gnushogi/main.c
Examining data/gnushogi-1.5~git20140725/gnushogi/commondsp.c
Examining data/gnushogi-1.5~git20140725/gnushogi/attacks.c
Examining data/gnushogi-1.5~git20140725/gnushogi/init-common.c
FINAL RESULTS:
data/gnushogi-1.5~git20140725/gnushogi/book.c:123:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(bmvstr[1], bmvstr[0]);
data/gnushogi-1.5~git20140725/gnushogi/book.c:143:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&bmvstr[1][2], &bmvstr[0][0]);
data/gnushogi-1.5~git20140725/gnushogi/book.c:144:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&bmvstr[2][2], &bmvstr[0][2]);
data/gnushogi-1.5~git20140725/gnushogi/book.c:149:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&bmvstr[1][1], &bmvstr[0][0]);
data/gnushogi-1.5~git20140725/gnushogi/book.c:150:21: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(&bmvstr[2][1], &bmvstr[0][2]);
data/gnushogi-1.5~git20140725/gnushogi/book.c:228:13: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((color == black) ? "black " : "white ");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:190:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mvstr[1], mvstr[0]);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:191:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mvstr[2], mvstr[0]);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:192:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mvstr[3], mvstr[0]);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:217:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(mvstr[3], mvstr[2]);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:348:21: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buf, "%s mates!\n", ColorStr[opponent]);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:362:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(buffer, "Ambiguous Move %s!", s);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:455:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, savefile);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:679:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, savefile);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:999:13: [4] (format) sprintf:
Potential format string problem (CWE-134). Make format string constant.
sprintf(fname,
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1037:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, savefile);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1085:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mvs, "%s%s ", &mvstr[0][1], sflags);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1089:17: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(mvs, "%c%c%c%c%c%s%s ",
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1133:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(fname, listfile);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1150:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(fname, "CL.%s%s-%s%s%s%c",
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1527:9: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(s, mvstr[0]);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1598:13: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(sx, command);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1603:13: [4] (buffer) sscanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
if (sscanf(sx, "%s", s) < 1)
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:164:5: [4] (format) vsnprintf:
If format strings can be influenced by an attacker, they can be exploited,
and note that sprintf variations do not always \0-terminate (CWE-134). Use
a constant for the format specification.
vsnprintf(buffer, sizeof(buffer), format, ap);
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:985:9: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(s, mvstr[0]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:121:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(listfile, argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:129:17: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(savefile, argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:50:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:209:9: [4] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf.
sprintf(s, "no pattern file '%s'", patternfile);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:120:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:131:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:142:5: [4] (format) vprintf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
vprintf(format, ap);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:150:5: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function. If the scanf format is influenceable by an
attacker, it's exploitable.
scanf(fmt, buffer);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:369:9: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
scanf("%s", s);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:648:17: [4] (format) printf:
If format strings can be influenced by an attacker, they can be exploited
(CWE-134). Use a constant for the format specification.
printf((side == black)?"black ":"white ");
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:853:5: [4] (buffer) scanf:
The scanf() family's %s operation, without a limit specification, permits
buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a
different input function.
scanf("%s", s);
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2475:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random < 35 + d)
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2477:34: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else if (random < 95)
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2482:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random < 75 + d)
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2484:34: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else if (random < 95)
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2489:29: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
if (random < 33 + d)
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2491:34: [3] (random) random:
This function is not sufficiently random for security-related functions
such as key and nonce creation (CWE-327). Use a more secure technique for
acquiring random values.
else if (random < 66)
data/gnushogi-1.5~git20140725/gnushogi/book.c:64:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char bmvstr[3][7];
data/gnushogi-1.5~git20140725/gnushogi/book.c:366:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[255];
data/gnushogi-1.5~git20140725/gnushogi/book.c:648:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char msg[80];
data/gnushogi-1.5~git20140725/gnushogi/book.c:652:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(bookfile, "r")) == NULL)
data/gnushogi-1.5~git20140725/gnushogi/book.c:653:14: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen("gnushogi.tbk", "r");
data/gnushogi-1.5~git20140725/gnushogi/book.c:659:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gfd = open(binbookfile, O_RDONLY | O_BINARY);
data/gnushogi-1.5~git20140725/gnushogi/book.c:681:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gfd = open(binbookfile, O_RDWR | O_BINARY);
data/gnushogi-1.5~git20140725/gnushogi/book.c:686:19: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gfd = open(binbookfile, O_RDWR | O_CREAT | O_BINARY, 0644);
data/gnushogi-1.5~git20140725/gnushogi/book.c:844:15: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
gfd = open(binbookfile, O_RDONLY | O_BINARY);
data/gnushogi-1.5~git20140725/gnushogi/book.c:869:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(msg, "Book used %lu(%lu).", B.bookcount, B.booksize);
data/gnushogi-1.5~git20140725/gnushogi/book.c:986:17: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[20];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:53:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mvstr[4][6];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:70:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "none");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:247:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:346:21: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[20];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:429:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char fmt[10];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:449:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256], *p;
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:462:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "shogi.000");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:464:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(fname, "r")) != NULL)
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:482:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Game50 = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:489:18: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TCflag = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:493:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
OperatorTime = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:497:36: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TimeControl.clock[black] = atol(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:500:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TimeControl.moves[black] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:504:36: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TimeControl.clock[white] = atol(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:507:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TimeControl.moves[white] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:557:31: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Mvboard[sq] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:574:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][pawn] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:577:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][lance] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:579:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][knight] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:582:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][silver] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:584:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][gold] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:586:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][bishop] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:588:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][rook] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:590:36: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][king] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:611:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->score = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:613:24: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->depth = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:615:24: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->nodes = atol(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:617:23: [2] (integer) atol:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->time = atol(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:619:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
g->flags = c = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:672:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:676:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char empty[2] = "\n";
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:686:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "shogi.000");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:688:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(fname, "w")) != NULL)
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:824:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256], *p;
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:833:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "xshogi.position.read");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:835:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(fname, "r")) != NULL)
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:911:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][pawn] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:914:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][lance] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:916:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][knight] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:919:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][silver] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:921:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][gold] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:923:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][bishop] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:925:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][rook] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:927:38: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
Captured[side][king] = atoi(InPtr);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:953:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256], *p;
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:962:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(fname, "xshogi.position.read");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:964:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(fname, "w")) != NULL)
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1033:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256], sflags[4];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1049:15: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((fd = fopen(fname, "a")) != NULL)
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1056:13: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char mvnr[20], mvs[20];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1059:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(mvnr, "%d.", (i + 1)/2);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1129:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char fname[256], dbuf[256];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1162:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen(fname, "w");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1506:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80], sx[80];
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1648:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ColorStr[0], "White");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1649:13: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ColorStr[1], "Black");
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:163:12: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
static char buffer[60];
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:371:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80];
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:476:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80];
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:979:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[40];
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:984:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "try ");
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:1144:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[40];
data/gnushogi-1.5~git20140725/gnushogi/eval.c:285:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char GameType[2] = { UNKNOWN, UNKNOWN }; /* chosen game type of each side */
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2094:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[12];
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2099:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "CASTLE_?_?");
data/gnushogi-1.5~git20140725/gnushogi/eval.c:2122:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "ATTACK_?_?");
data/gnushogi-1.5~git20140725/gnushogi/genmove.c:80:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char mvstr[4][6];
data/gnushogi-1.5~git20140725/gnushogi/globals.c:50:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ColorStr[2][10];
data/gnushogi-1.5~git20140725/gnushogi/globals.c:64:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char savefile[128];
data/gnushogi-1.5~git20140725/gnushogi/globals.c:65:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listfile[128];
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:108:37: [2] (buffer) bcopy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define array_copy(src, dst, len) bcopy(src, dst, len)
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:111:37: [2] (buffer) memcpy:
Does not check for buffer overflows when copying to destination (CWE-120).
Make sure destination can always hold the source data.
# define array_copy(src, dst, len) memcpy(dst, src, len)
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:551:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bd[PTBLBDSIZE];
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:566:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bd[PTBLBDSIZE];
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:594:14: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
unsigned char bd[PTBLBDSIZE];
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:678:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char ColorStr[2][10];
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:680:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char mvstr[4][6];
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:777:18: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
typedef unsigned char next_array[NO_SQUARES][NO_SQUARES];
data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:838:8: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
extern char GameType[2];
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:145:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buffer[60];
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:164:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Cannot allocate %ld bytes for search tree",
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:175:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Cannot allocate %ld bytes for hashcode", (long)n);
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:185:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:197:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:215:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "cannot allocate %ld space for nextdir %d",
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:230:17: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "cannot allocate %ld space for nextpos %d",
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:269:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Cannot allocate %ld bytes for history table",
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:285:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Cannot allocate %ld bytes for cache table %ld",
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:335:9: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer, "Cannot allocate %ld bytes for transposition table",
data/gnushogi-1.5~git20140725/gnushogi/init-common.c:362:13: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(buffer,
data/gnushogi-1.5~git20140725/gnushogi/init.c:619:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char sx[256];
data/gnushogi-1.5~git20140725/gnushogi/init.c:620:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(sx, "level");
data/gnushogi-1.5~git20140725/gnushogi/init.c:662:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ColorStr[0], "Black");
data/gnushogi-1.5~git20140725/gnushogi/init.c:663:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(ColorStr[1], "White");
data/gnushogi-1.5~git20140725/gnushogi/init.c:697:17: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
xwndw = atoi(xwin);
data/gnushogi-1.5~git20140725/gnushogi/init.c:705:16: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hashfile = fopen(HASHFILE, RWA_ACC);
data/gnushogi-1.5~git20140725/gnushogi/main.c:137:30: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
bookmaxply = atoi(argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:151:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
booksize = atoi(argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:160:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
rehash = atoi(argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:170:28: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
ttblsize = atoi(argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:181:26: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
filesz = atoi(argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:190:29: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((hashfile = fopen(HASHFILE, RWA_ACC)) == NULL)
data/gnushogi-1.5~git20140725/gnushogi/main.c:191:28: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hashfile = fopen(HASHFILE, WA_ACC);
data/gnushogi-1.5~git20140725/gnushogi/main.c:217:24: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
hashfile = fopen(HASHFILE, RWA_ACC);
data/gnushogi-1.5~git20140725/gnushogi/main.c:326:21: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
TCmoves = atoi(argv[1]);
data/gnushogi-1.5~git20140725/gnushogi/main.c:340:29: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
XCmoves[XC] = atoi(argv[0]);
data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:172:37: [2] (integer) atoi:
Unless checked, the resulting number can exceed the expected range
(CWE-190). If source untrusted, check both minimum and maximum, even if the
input had no minus sign (large numbers can roll over into negative number;
consider saving to an unsigned value if that is intended).
pattern_data[(*pindex)++] = atoi(s);
data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:202:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[256];
data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:206:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen (patternfile, "r");
data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:248:5: [2] (buffer) sprintf:
Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
vsnprintf. Risk is low because the source has a constant maximum length.
sprintf(s,
data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:265:10: [2] (misc) fopen:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
fd = fopen (patternincfile, "w");
data/gnushogi-1.5~git20140725/gnushogi/pat2inc.c:59:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80];
data/gnushogi-1.5~git20140725/gnushogi/pat2inc.c:76:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(s, "g6i k5i g4i p9g p8g r* s3h p7g b8h B* S5f");
data/gnushogi-1.5~git20140725/gnushogi/pattern.c:54:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "CASTLE_?_?");
data/gnushogi-1.5~git20140725/gnushogi/pattern.c:58:9: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(name, "ATTACK_?_?");
data/gnushogi-1.5~git20140725/gnushogi/pattern.c:160:9: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[16];
data/gnushogi-1.5~git20140725/gnushogi/pattern.c:680:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char name[MAX_NAME], name2[MAX_NAME];
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:354:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80];
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:460:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[80];
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:700:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char T[NO_SQUARES + 1], *p;
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:783:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char buf[80+1];
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:849:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[40];
data/gnushogi-1.5~git20140725/gnushogi/sizetest.c:52:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char ColorStr[2][10];
data/gnushogi-1.5~git20140725/gnushogi/sizetest.c:92:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char savefile[128] = "";
data/gnushogi-1.5~git20140725/gnushogi/sizetest.c:93:1: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char listfile[128] = "";
data/gnushogi-1.5~git20140725/gnushogi/util.c:44:5: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char s[128];
data/gnushogi-1.5~git20140725/gnushogi/book.c:155:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bmvstr[0], "+");
data/gnushogi-1.5~git20140725/gnushogi/book.c:156:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bmvstr[1], "+");
data/gnushogi-1.5~git20140725/gnushogi/book.c:157:21: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(bmvstr[2], "+");
data/gnushogi-1.5~git20140725/gnushogi/book.c:372:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) == ' ')
data/gnushogi-1.5~git20140725/gnushogi/book.c:378:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) != ')') && (c != EOF));
data/gnushogi-1.5~git20140725/gnushogi/book.c:382:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) == ' ') || (c == '\n'));
data/gnushogi-1.5~git20140725/gnushogi/book.c:389:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd))) != ']' && (c != EOF));
data/gnushogi-1.5~git20140725/gnushogi/book.c:393:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd))) == ' ' || (c == '\n'));
data/gnushogi-1.5~git20140725/gnushogi/book.c:405:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/gnushogi-1.5~git20140725/gnushogi/book.c:424:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/gnushogi-1.5~git20140725/gnushogi/book.c:430:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) == ' ') || (c == '.') || (c == '\n'));
data/gnushogi-1.5~git20140725/gnushogi/book.c:434:22: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) != '?') && (c != '!') && (c != ' ')
data/gnushogi-1.5~git20140725/gnushogi/book.c:451:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) != ')') && (c != EOF));
data/gnushogi-1.5~git20140725/gnushogi/book.c:454:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/gnushogi-1.5~git20140725/gnushogi/book.c:463:21: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/gnushogi-1.5~git20140725/gnushogi/book.c:499:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) == '?') || (c == '!') || (c == '/'));
data/gnushogi-1.5~git20140725/gnushogi/book.c:507:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) == '?') || (c == '!') || (c == '/'));
data/gnushogi-1.5~git20140725/gnushogi/book.c:515:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) == '?') || (c == '!') || (c == '/'));
data/gnushogi-1.5~git20140725/gnushogi/book.c:519:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/gnushogi-1.5~git20140725/gnushogi/book.c:523:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) != ')') && (c != EOF));
data/gnushogi-1.5~git20140725/gnushogi/book.c:528:26: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) != '#') && (c != EOF));
data/gnushogi-1.5~git20140725/gnushogi/book.c:610:32: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (sizeof_gdxadmin == read(gfd, (char *)&ADMIN, sizeof_gdxadmin));
data/gnushogi-1.5~git20140725/gnushogi/book.c:616:31: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
return (sizeof_gdxdata == read(gfd, (char *)DATA, sizeof_gdxdata));
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:222:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mvstr[0], "+");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:223:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mvstr[1], "+");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:224:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mvstr[2], "+");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:225:13: [1] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused). Risk is low because the
source is a constant character.
strcat(mvstr[3], "+");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:250:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
for (i = local_flags = 0, l = strlen(s); i < l; i++)
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1061:17: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(mvnr, "");
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1138:9: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(dbuf, ctime(&when), 20);
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1735:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsp->SelectLevel(sx + strlen("level"));
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1739:35: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsp->SelectLevel(sx + strlen("clock"));
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1755:33: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SetMachineTime(sx + strlen("time"));
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1760:29: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
SetOppTime(sx + strlen("otime"));
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1870:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsp->ChangeSearchDepth(sx + strlen("depth"));
data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1874:41: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
dsp->ChangeSearchDepth(sx + strlen("sd"));
data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:455:5: [1] (buffer) getchar:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
getchar();
data/gnushogi-1.5~git20140725/gnushogi/pattern.c:678:15: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
short l = strlen(s);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:702:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(T, sx, NO_SQUARES);
data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:784:5: [1] (buffer) strncpy:
Easily used incorrectly; doesn't always \0-terminate or check for invalid
pointers [MS-banned] (CWE-120).
strncpy(buf, sx, 80); buf[80] = '\0';
data/gnushogi-1.5~git20140725/gnushogi/util.c:47:18: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
while (((c = getc(fd)) == ' ') || (c == '\n'));
data/gnushogi-1.5~git20140725/gnushogi/util.c:58:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/gnushogi-1.5~git20140725/gnushogi/util.c:72:30: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
s[++i] = (char) (c = getc(fd));
data/gnushogi-1.5~git20140725/gnushogi/util.c:83:17: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
data/gnushogi-1.5~git20140725/gnushogi/util.c:98:13: [1] (buffer) getc:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
c = getc(fd);
ANALYSIS SUMMARY:
Hits = 224
Lines analyzed = 17968 in approximately 0.44 seconds (40968 lines/second)
Physical Source Lines of Code (SLOC) = 12731
Hits@level = [0] 272 [1] 45 [2] 137 [3] 6 [4] 36 [5] 0
Hits@level+ = [0+] 496 [1+] 224 [2+] 179 [3+] 42 [4+] 36 [5+] 0
Hits/KSLOC@level+ = [0+] 38.96 [1+] 17.5948 [2+] 14.0602 [3+] 3.29903 [4+] 2.82774 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.