Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/gnushogi-1.5~git20140725/gnushogi/search.c Examining data/gnushogi-1.5~git20140725/gnushogi/book.c Examining data/gnushogi-1.5~git20140725/gnushogi/eval.h Examining data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h Examining data/gnushogi-1.5~git20140725/gnushogi/sizetest.c Examining data/gnushogi-1.5~git20140725/gnushogi/opts.h Examining data/gnushogi-1.5~git20140725/gnushogi/pattern.h Examining data/gnushogi-1.5~git20140725/gnushogi/pattern.c Examining data/gnushogi-1.5~git20140725/gnushogi/pattern-common.c Examining data/gnushogi-1.5~git20140725/gnushogi/util.c Examining data/gnushogi-1.5~git20140725/gnushogi/pat2inc.c Examining data/gnushogi-1.5~git20140725/gnushogi/book.h Examining data/gnushogi-1.5~git20140725/gnushogi/genmove.c Examining data/gnushogi-1.5~git20140725/gnushogi/eval.c Examining data/gnushogi-1.5~git20140725/gnushogi/globals.c Examining data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c Examining data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c Examining data/gnushogi-1.5~git20140725/gnushogi/debug.h Examining data/gnushogi-1.5~git20140725/gnushogi/tcontrl.c Examining data/gnushogi-1.5~git20140725/gnushogi/makepattern.c Examining data/gnushogi-1.5~git20140725/gnushogi/init.c Examining data/gnushogi-1.5~git20140725/gnushogi/main.c Examining data/gnushogi-1.5~git20140725/gnushogi/commondsp.c Examining data/gnushogi-1.5~git20140725/gnushogi/attacks.c Examining data/gnushogi-1.5~git20140725/gnushogi/init-common.c FINAL RESULTS: data/gnushogi-1.5~git20140725/gnushogi/book.c:123:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(bmvstr[1], bmvstr[0]); data/gnushogi-1.5~git20140725/gnushogi/book.c:143:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&bmvstr[1][2], &bmvstr[0][0]); data/gnushogi-1.5~git20140725/gnushogi/book.c:144:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&bmvstr[2][2], &bmvstr[0][2]); data/gnushogi-1.5~git20140725/gnushogi/book.c:149:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&bmvstr[1][1], &bmvstr[0][0]); data/gnushogi-1.5~git20140725/gnushogi/book.c:150:21: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(&bmvstr[2][1], &bmvstr[0][2]); data/gnushogi-1.5~git20140725/gnushogi/book.c:228:13: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf((color == black) ? "black " : "white "); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:190:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mvstr[1], mvstr[0]); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:191:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mvstr[2], mvstr[0]); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:192:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mvstr[3], mvstr[0]); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:217:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(mvstr[3], mvstr[2]); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:348:21: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buf, "%s mates!\n", ColorStr[opponent]); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:362:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(buffer, "Ambiguous Move %s!", s); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:455:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, savefile); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:679:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, savefile); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:999:13: [4] (format) sprintf: Potential format string problem (CWE-134). Make format string constant. sprintf(fname, data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1037:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, savefile); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1085:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(mvs, "%s%s ", &mvstr[0][1], sflags); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1089:17: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(mvs, "%c%c%c%c%c%s%s ", data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1133:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(fname, listfile); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1150:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(fname, "CL.%s%s-%s%s%s%c", data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1527:9: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(s, mvstr[0]); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1598:13: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(sx, command); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1603:13: [4] (buffer) sscanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. if (sscanf(sx, "%s", s) < 1) data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:164:5: [4] (format) vsnprintf: If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification. vsnprintf(buffer, sizeof(buffer), format, ap); data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:985:9: [4] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). strcat(s, mvstr[0]); data/gnushogi-1.5~git20140725/gnushogi/main.c:121:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(listfile, argv[0]); data/gnushogi-1.5~git20140725/gnushogi/main.c:129:17: [4] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). strcpy(savefile, argv[0]); data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:50:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, ap); data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:209:9: [4] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. sprintf(s, "no pattern file '%s'", patternfile); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:120:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, ap); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:131:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, ap); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:142:5: [4] (format) vprintf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. vprintf(format, ap); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:150:5: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. If the scanf format is influenceable by an attacker, it's exploitable. scanf(fmt, buffer); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:369:9: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. scanf("%s", s); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:648:17: [4] (format) printf: If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification. printf((side == black)?"black ":"white "); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:853:5: [4] (buffer) scanf: The scanf() family's %s operation, without a limit specification, permits buffer overflows (CWE-120, CWE-20). Specify a limit to %s, or use a different input function. scanf("%s", s); data/gnushogi-1.5~git20140725/gnushogi/eval.c:2475:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random < 35 + d) data/gnushogi-1.5~git20140725/gnushogi/eval.c:2477:34: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. else if (random < 95) data/gnushogi-1.5~git20140725/gnushogi/eval.c:2482:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random < 75 + d) data/gnushogi-1.5~git20140725/gnushogi/eval.c:2484:34: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. else if (random < 95) data/gnushogi-1.5~git20140725/gnushogi/eval.c:2489:29: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. if (random < 33 + d) data/gnushogi-1.5~git20140725/gnushogi/eval.c:2491:34: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. else if (random < 66) data/gnushogi-1.5~git20140725/gnushogi/book.c:64:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char bmvstr[3][7]; data/gnushogi-1.5~git20140725/gnushogi/book.c:366:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[255]; data/gnushogi-1.5~git20140725/gnushogi/book.c:648:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char msg[80]; data/gnushogi-1.5~git20140725/gnushogi/book.c:652:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(bookfile, "r")) == NULL) data/gnushogi-1.5~git20140725/gnushogi/book.c:653:14: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen("gnushogi.tbk", "r"); data/gnushogi-1.5~git20140725/gnushogi/book.c:659:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gfd = open(binbookfile, O_RDONLY | O_BINARY); data/gnushogi-1.5~git20140725/gnushogi/book.c:681:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gfd = open(binbookfile, O_RDWR | O_BINARY); data/gnushogi-1.5~git20140725/gnushogi/book.c:686:19: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gfd = open(binbookfile, O_RDWR | O_CREAT | O_BINARY, 0644); data/gnushogi-1.5~git20140725/gnushogi/book.c:844:15: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). gfd = open(binbookfile, O_RDONLY | O_BINARY); data/gnushogi-1.5~git20140725/gnushogi/book.c:869:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(msg, "Book used %lu(%lu).", B.bookcount, B.booksize); data/gnushogi-1.5~git20140725/gnushogi/book.c:986:17: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[20]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:53:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mvstr[4][6]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:70:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "none"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:247:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[60]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:346:21: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[20]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:429:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char fmt[10]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:449:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256], *p; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:462:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fname, "shogi.000"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:464:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(fname, "r")) != NULL) data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:482:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Game50 = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:489:18: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TCflag = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:493:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). OperatorTime = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:497:36: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TimeControl.clock[black] = atol(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:500:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TimeControl.moves[black] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:504:36: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TimeControl.clock[white] = atol(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:507:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TimeControl.moves[white] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:557:31: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Mvboard[sq] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:574:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][pawn] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:577:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][lance] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:579:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][knight] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:582:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][silver] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:584:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][gold] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:586:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][bishop] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:588:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][rook] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:590:36: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][king] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:611:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->score = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:613:24: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->depth = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:615:24: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->nodes = atol(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:617:23: [2] (integer) atol: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->time = atol(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:619:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). g->flags = c = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:672:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:676:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char empty[2] = "\n"; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:686:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fname, "shogi.000"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:688:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(fname, "w")) != NULL) data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:824:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256], *p; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:833:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fname, "xshogi.position.read"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:835:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(fname, "r")) != NULL) data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:911:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][pawn] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:914:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][lance] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:916:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][knight] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:919:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][silver] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:921:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][gold] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:923:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][bishop] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:925:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][rook] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:927:38: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). Captured[side][king] = atoi(InPtr); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:953:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256], *p; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:962:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(fname, "xshogi.position.read"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:964:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(fname, "w")) != NULL) data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1033:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256], sflags[4]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1049:15: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((fd = fopen(fname, "a")) != NULL) data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1056:13: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mvnr[20], mvs[20]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1059:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(mvnr, "%d.", (i + 1)/2); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1129:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char fname[256], dbuf[256]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1162:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen(fname, "w"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1506:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[80], sx[80]; data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1648:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ColorStr[0], "White"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1649:13: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ColorStr[1], "Black"); data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:163:12: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. static char buffer[60]; data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:371:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[80]; data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:476:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[80]; data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:979:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[40]; data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:984:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "try "); data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:1144:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[40]; data/gnushogi-1.5~git20140725/gnushogi/eval.c:285:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char GameType[2] = { UNKNOWN, UNKNOWN }; /* chosen game type of each side */ data/gnushogi-1.5~git20140725/gnushogi/eval.c:2094:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[12]; data/gnushogi-1.5~git20140725/gnushogi/eval.c:2099:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "CASTLE_?_?"); data/gnushogi-1.5~git20140725/gnushogi/eval.c:2122:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "ATTACK_?_?"); data/gnushogi-1.5~git20140725/gnushogi/genmove.c:80:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char mvstr[4][6]; data/gnushogi-1.5~git20140725/gnushogi/globals.c:50:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ColorStr[2][10]; data/gnushogi-1.5~git20140725/gnushogi/globals.c:64:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savefile[128]; data/gnushogi-1.5~git20140725/gnushogi/globals.c:65:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char listfile[128]; data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:108:37: [2] (buffer) bcopy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define array_copy(src, dst, len) bcopy(src, dst, len) data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:111:37: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. # define array_copy(src, dst, len) memcpy(dst, src, len) data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:551:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bd[PTBLBDSIZE]; data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:566:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bd[PTBLBDSIZE]; data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:594:14: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. unsigned char bd[PTBLBDSIZE]; data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:678:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char ColorStr[2][10]; data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:680:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char mvstr[4][6]; data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:777:18: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. typedef unsigned char next_array[NO_SQUARES][NO_SQUARES]; data/gnushogi-1.5~git20140725/gnushogi/gnushogi.h:838:8: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. extern char GameType[2]; data/gnushogi-1.5~git20140725/gnushogi/init-common.c:145:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buffer[60]; data/gnushogi-1.5~git20140725/gnushogi/init-common.c:164:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "Cannot allocate %ld bytes for search tree", data/gnushogi-1.5~git20140725/gnushogi/init-common.c:175:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "Cannot allocate %ld bytes for hashcode", (long)n); data/gnushogi-1.5~git20140725/gnushogi/init-common.c:185:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, data/gnushogi-1.5~git20140725/gnushogi/init-common.c:197:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, data/gnushogi-1.5~git20140725/gnushogi/init-common.c:215:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "cannot allocate %ld space for nextdir %d", data/gnushogi-1.5~git20140725/gnushogi/init-common.c:230:17: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "cannot allocate %ld space for nextpos %d", data/gnushogi-1.5~git20140725/gnushogi/init-common.c:269:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "Cannot allocate %ld bytes for history table", data/gnushogi-1.5~git20140725/gnushogi/init-common.c:285:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "Cannot allocate %ld bytes for cache table %ld", data/gnushogi-1.5~git20140725/gnushogi/init-common.c:335:9: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, "Cannot allocate %ld bytes for transposition table", data/gnushogi-1.5~git20140725/gnushogi/init-common.c:362:13: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(buffer, data/gnushogi-1.5~git20140725/gnushogi/init.c:619:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char sx[256]; data/gnushogi-1.5~git20140725/gnushogi/init.c:620:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(sx, "level"); data/gnushogi-1.5~git20140725/gnushogi/init.c:662:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ColorStr[0], "Black"); data/gnushogi-1.5~git20140725/gnushogi/init.c:663:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(ColorStr[1], "White"); data/gnushogi-1.5~git20140725/gnushogi/init.c:697:17: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). xwndw = atoi(xwin); data/gnushogi-1.5~git20140725/gnushogi/init.c:705:16: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hashfile = fopen(HASHFILE, RWA_ACC); data/gnushogi-1.5~git20140725/gnushogi/main.c:137:30: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). bookmaxply = atoi(argv[0]); data/gnushogi-1.5~git20140725/gnushogi/main.c:151:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). booksize = atoi(argv[0]); data/gnushogi-1.5~git20140725/gnushogi/main.c:160:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). rehash = atoi(argv[0]); data/gnushogi-1.5~git20140725/gnushogi/main.c:170:28: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). ttblsize = atoi(argv[0]); data/gnushogi-1.5~git20140725/gnushogi/main.c:181:26: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). filesz = atoi(argv[0]); data/gnushogi-1.5~git20140725/gnushogi/main.c:190:29: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if ((hashfile = fopen(HASHFILE, RWA_ACC)) == NULL) data/gnushogi-1.5~git20140725/gnushogi/main.c:191:28: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hashfile = fopen(HASHFILE, WA_ACC); data/gnushogi-1.5~git20140725/gnushogi/main.c:217:24: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). hashfile = fopen(HASHFILE, RWA_ACC); data/gnushogi-1.5~git20140725/gnushogi/main.c:326:21: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). TCmoves = atoi(argv[1]); data/gnushogi-1.5~git20140725/gnushogi/main.c:340:29: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). XCmoves[XC] = atoi(argv[0]); data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:172:37: [2] (integer) atoi: Unless checked, the resulting number can exceed the expected range (CWE-190). If source untrusted, check both minimum and maximum, even if the input had no minus sign (large numbers can roll over into negative number; consider saving to an unsigned value if that is intended). pattern_data[(*pindex)++] = atoi(s); data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:202:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[256]; data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:206:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen (patternfile, "r"); data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:248:5: [2] (buffer) sprintf: Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or vsnprintf. Risk is low because the source has a constant maximum length. sprintf(s, data/gnushogi-1.5~git20140725/gnushogi/makepattern.c:265:10: [2] (misc) fopen: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). fd = fopen (patternincfile, "w"); data/gnushogi-1.5~git20140725/gnushogi/pat2inc.c:59:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[80]; data/gnushogi-1.5~git20140725/gnushogi/pat2inc.c:76:5: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(s, "g6i k5i g4i p9g p8g r* s3h p7g b8h B* S5f"); data/gnushogi-1.5~git20140725/gnushogi/pattern.c:54:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "CASTLE_?_?"); data/gnushogi-1.5~git20140725/gnushogi/pattern.c:58:9: [2] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant string. strcpy(name, "ATTACK_?_?"); data/gnushogi-1.5~git20140725/gnushogi/pattern.c:160:9: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[16]; data/gnushogi-1.5~git20140725/gnushogi/pattern.c:680:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char name[MAX_NAME], name2[MAX_NAME]; data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:354:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[80]; data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:460:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[80]; data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:700:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char T[NO_SQUARES + 1], *p; data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:783:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char buf[80+1]; data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:849:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[40]; data/gnushogi-1.5~git20140725/gnushogi/sizetest.c:52:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char ColorStr[2][10]; data/gnushogi-1.5~git20140725/gnushogi/sizetest.c:92:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char savefile[128] = ""; data/gnushogi-1.5~git20140725/gnushogi/sizetest.c:93:1: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char listfile[128] = ""; data/gnushogi-1.5~git20140725/gnushogi/util.c:44:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char s[128]; data/gnushogi-1.5~git20140725/gnushogi/book.c:155:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(bmvstr[0], "+"); data/gnushogi-1.5~git20140725/gnushogi/book.c:156:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(bmvstr[1], "+"); data/gnushogi-1.5~git20140725/gnushogi/book.c:157:21: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(bmvstr[2], "+"); data/gnushogi-1.5~git20140725/gnushogi/book.c:372:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) == ' ') data/gnushogi-1.5~git20140725/gnushogi/book.c:378:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) != ')') && (c != EOF)); data/gnushogi-1.5~git20140725/gnushogi/book.c:382:30: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) == ' ') || (c == '\n')); data/gnushogi-1.5~git20140725/gnushogi/book.c:389:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd))) != ']' && (c != EOF)); data/gnushogi-1.5~git20140725/gnushogi/book.c:393:30: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd))) == ' ' || (c == '\n')); data/gnushogi-1.5~git20140725/gnushogi/book.c:405:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); data/gnushogi-1.5~git20140725/gnushogi/book.c:424:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); data/gnushogi-1.5~git20140725/gnushogi/book.c:430:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) == ' ') || (c == '.') || (c == '\n')); data/gnushogi-1.5~git20140725/gnushogi/book.c:434:22: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) != '?') && (c != '!') && (c != ' ') data/gnushogi-1.5~git20140725/gnushogi/book.c:451:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) != ')') && (c != EOF)); data/gnushogi-1.5~git20140725/gnushogi/book.c:454:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); data/gnushogi-1.5~git20140725/gnushogi/book.c:463:21: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); data/gnushogi-1.5~git20140725/gnushogi/book.c:499:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) == '?') || (c == '!') || (c == '/')); data/gnushogi-1.5~git20140725/gnushogi/book.c:507:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) == '?') || (c == '!') || (c == '/')); data/gnushogi-1.5~git20140725/gnushogi/book.c:515:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) == '?') || (c == '!') || (c == '/')); data/gnushogi-1.5~git20140725/gnushogi/book.c:519:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); data/gnushogi-1.5~git20140725/gnushogi/book.c:523:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) != ')') && (c != EOF)); data/gnushogi-1.5~git20140725/gnushogi/book.c:528:26: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) != '#') && (c != EOF)); data/gnushogi-1.5~git20140725/gnushogi/book.c:610:32: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (sizeof_gdxadmin == read(gfd, (char *)&ADMIN, sizeof_gdxadmin)); data/gnushogi-1.5~git20140725/gnushogi/book.c:616:31: [1] (buffer) read: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). return (sizeof_gdxdata == read(gfd, (char *)DATA, sizeof_gdxdata)); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:222:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mvstr[0], "+"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:223:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mvstr[1], "+"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:224:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mvstr[2], "+"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:225:13: [1] (buffer) strcat: Does not check for buffer overflows when concatenating to destination [MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or snprintf (warning: strncat is easily misused). Risk is low because the source is a constant character. strcat(mvstr[3], "+"); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:250:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i = local_flags = 0, l = strlen(s); i < l; i++) data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1061:17: [1] (buffer) strcpy: Does not check for buffer overflows when copying to destination [MS-banned] (CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy easily misused). Risk is low because the source is a constant character. strcpy(mvnr, ""); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1138:9: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(dbuf, ctime(&when), 20); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1735:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dsp->SelectLevel(sx + strlen("level")); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1739:35: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dsp->SelectLevel(sx + strlen("clock")); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1755:33: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SetMachineTime(sx + strlen("time")); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1760:29: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). SetOppTime(sx + strlen("otime")); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1870:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dsp->ChangeSearchDepth(sx + strlen("depth")); data/gnushogi-1.5~git20140725/gnushogi/commondsp.c:1874:41: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). dsp->ChangeSearchDepth(sx + strlen("sd")); data/gnushogi-1.5~git20140725/gnushogi/cursesdsp.c:455:5: [1] (buffer) getchar: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). getchar(); data/gnushogi-1.5~git20140725/gnushogi/pattern.c:678:15: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). short l = strlen(s); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:702:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(T, sx, NO_SQUARES); data/gnushogi-1.5~git20140725/gnushogi/rawdsp.c:784:5: [1] (buffer) strncpy: Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). strncpy(buf, sx, 80); buf[80] = '\0'; data/gnushogi-1.5~git20140725/gnushogi/util.c:47:18: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). while (((c = getc(fd)) == ' ') || (c == '\n')); data/gnushogi-1.5~git20140725/gnushogi/util.c:58:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); data/gnushogi-1.5~git20140725/gnushogi/util.c:72:30: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). s[++i] = (char) (c = getc(fd)); data/gnushogi-1.5~git20140725/gnushogi/util.c:83:17: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); data/gnushogi-1.5~git20140725/gnushogi/util.c:98:13: [1] (buffer) getc: Check buffer boundaries if used in a loop including recursive loops (CWE-120, CWE-20). c = getc(fd); ANALYSIS SUMMARY: Hits = 224 Lines analyzed = 17968 in approximately 0.44 seconds (40968 lines/second) Physical Source Lines of Code (SLOC) = 12731 Hits@level = [0] 272 [1] 45 [2] 137 [3] 6 [4] 36 [5] 0 Hits@level+ = [0+] 496 [1+] 224 [2+] 179 [3+] 42 [4+] 36 [5+] 0 Hits/KSLOC@level+ = [0+] 38.96 [1+] 17.5948 [2+] 14.0602 [3+] 3.29903 [4+] 2.82774 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.