Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/gtkpool-0.5.0/gtkpool/moving.cpp
Examining data/gtkpool-0.5.0/gtkpool/game.cpp
Examining data/gtkpool-0.5.0/gtkpool/indentify_ball.cpp
Examining data/gtkpool-0.5.0/gtkpool/support.cpp
Examining data/gtkpool-0.5.0/gtkpool/ball.cpp
Examining data/gtkpool-0.5.0/gtkpool/circle.cpp
Examining data/gtkpool-0.5.0/gtkpool/point2d.cpp
Examining data/gtkpool-0.5.0/gtkpool/vec2d.cpp
Examining data/gtkpool-0.5.0/gtkpool/options.cpp
Examining data/gtkpool-0.5.0/gtkpool/sound.cpp
Examining data/gtkpool-0.5.0/gtkpool/check_pocket.cpp
Examining data/gtkpool-0.5.0/gtkpool/pointer_selects.cpp
Examining data/gtkpool-0.5.0/gtkpool/draw_ball.cpp
Examining data/gtkpool-0.5.0/gtkpool/apply_friction.cpp
Examining data/gtkpool-0.5.0/gtkpool/move_balls.cpp
Examining data/gtkpool-0.5.0/gtkpool/check_table_collision.cpp
Examining data/gtkpool-0.5.0/gtkpool/connectdialog.cpp
Examining data/gtkpool-0.5.0/gtkpool/application.cpp
Examining data/gtkpool-0.5.0/gtkpool/main.cpp
Examining data/gtkpool-0.5.0/gtkpool/application.h
Examining data/gtkpool-0.5.0/gtkpool/connectdialog.h
Examining data/gtkpool-0.5.0/gtkpool/check_table_collision.h
Examining data/gtkpool-0.5.0/gtkpool/move_balls.h
Examining data/gtkpool-0.5.0/gtkpool/apply_friction.h
Examining data/gtkpool-0.5.0/gtkpool/draw_ball.h
Examining data/gtkpool-0.5.0/gtkpool/pointer_selects.h
Examining data/gtkpool-0.5.0/gtkpool/check_pocket.h
Examining data/gtkpool-0.5.0/gtkpool/sound.h
Examining data/gtkpool-0.5.0/gtkpool/options.h
Examining data/gtkpool-0.5.0/gtkpool/vec2d.h
Examining data/gtkpool-0.5.0/gtkpool/point2d.h
Examining data/gtkpool-0.5.0/gtkpool/circle.h
Examining data/gtkpool-0.5.0/gtkpool/ball.h
Examining data/gtkpool-0.5.0/gtkpool/support.h
Examining data/gtkpool-0.5.0/gtkpool/indentify_ball.h
Examining data/gtkpool-0.5.0/gtkpool/game.h
Examining data/gtkpool-0.5.0/gtkpool/moving.h
FINAL RESULTS:
data/gtkpool-0.5.0/gtkpool/application.cpp:675:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (full_filename, directory);
data/gtkpool-0.5.0/gtkpool/application.cpp:676:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_filename, G_DIR_SEPARATOR_S);
data/gtkpool-0.5.0/gtkpool/application.cpp:677:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_filename, filename);
data/gtkpool-0.5.0/gtkpool/main.cpp:443:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p1_name, app.thegame->player_1.player_name);
data/gtkpool-0.5.0/gtkpool/main.cpp:444:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat(p2_name, app.thegame->player_2.player_name);
data/gtkpool-0.5.0/gtkpool/main.cpp:453:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(app.s1, g_strdup_printf("-%d-", app.thegame->player_1.score));
data/gtkpool-0.5.0/gtkpool/main.cpp:454:4: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy(app.s2, g_strdup_printf("-%d-", app.thegame->player_2.score));
data/gtkpool-0.5.0/gtkpool/support.cpp:152:3: [4] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused).
strcpy (full_filename, directory);
data/gtkpool-0.5.0/gtkpool/support.cpp:153:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_filename, G_DIR_SEPARATOR_S);
data/gtkpool-0.5.0/gtkpool/support.cpp:154:3: [4] (buffer) strcat:
Does not check for buffer overflows when concatenating to destination
[MS-banned] (CWE-120). Consider using strcat_s, strncat, strlcat, or
snprintf (warning: strncat is easily misused).
strcat (full_filename, filename);
data/gtkpool-0.5.0/gtkpool/application.cpp:226:7: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(thegame->comment, "Nice Shot!\n");
data/gtkpool-0.5.0/gtkpool/application.cpp:762:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename[20] = "ball_hit.raw";
data/gtkpool-0.5.0/gtkpool/application.cpp:777:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char filename2[20] = "ball_drop.raw";
data/gtkpool-0.5.0/gtkpool/application.h:67:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char coll_snd[12000];
data/gtkpool-0.5.0/gtkpool/application.h:69:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char bnc_snd[1025];
data/gtkpool-0.5.0/gtkpool/application.h:71:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char pock_snd[194000];
data/gtkpool-0.5.0/gtkpool/game.cpp:30:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->player_1.player_name, "Player 1");
data/gtkpool-0.5.0/gtkpool/game.cpp:31:2: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->player_2.player_name, "Player 2");
data/gtkpool-0.5.0/gtkpool/game.cpp:65:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Awww, so close, but you blew it.\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:70:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Oops, you scratched\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:79:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "You shouldn't play with other peoples balls.\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:81:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "That's not the lowest ball.\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:86:3: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Missed them all!\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:158:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Nice Shot!\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:170:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Hey! Wrong ball.\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:186:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Nice Shot!\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:198:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Hey! Wrong ball.\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:215:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Nice Shot!\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:225:4: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Nice Shot!\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:240:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Nice Shot!\n");
data/gtkpool-0.5.0/gtkpool/game.cpp:253:5: [2] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant string.
strcpy(this->comment, "Nice Shot!\n");
data/gtkpool-0.5.0/gtkpool/game.h:39:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char player_name [30]; // Player's name
data/gtkpool-0.5.0/gtkpool/game.h:51:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char comment [100]; // Place a message in here to display
data/gtkpool-0.5.0/gtkpool/main.cpp:386:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p1_name [31];
data/gtkpool-0.5.0/gtkpool/main.cpp:387:2: [2] (buffer) char:
Statically-sized arrays can be improperly restricted, leading to potential
overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
functions that limit length, or ensure that the size is larger than the
maximum possible length.
char p2_name [31];
data/gtkpool-0.5.0/gtkpool/sound.cpp:75:11: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
int fd = open(file, O_RDONLY);
data/gtkpool-0.5.0/gtkpool/sound.cpp:83:18: [2] (misc) open:
Check when opening files - can an attacker redirect it (via symlinks),
force the opening of special file type (e.g., device files), move things
around to create a race condition, control its ancestors, or change its
contents? (CWE-362).
if ((audio_fd = open("/dev/dsp", O_WRONLY, 0)) == -1) {
data/gtkpool-0.5.0/gtkpool/application.cpp:43:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s1, "0");
data/gtkpool-0.5.0/gtkpool/application.cpp:44:3: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(s2, "0");
data/gtkpool-0.5.0/gtkpool/application.cpp:673:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_filename = (gchar*) g_malloc (strlen (directory) + 1
data/gtkpool-0.5.0/gtkpool/application.cpp:674:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (filename) + 1);
data/gtkpool-0.5.0/gtkpool/main.cpp:411:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p1_name, "*");
data/gtkpool-0.5.0/gtkpool/main.cpp:412:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p2_name, " ");
data/gtkpool-0.5.0/gtkpool/main.cpp:418:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p1_name, " ");
data/gtkpool-0.5.0/gtkpool/main.cpp:419:4: [1] (buffer) strcpy:
Does not check for buffer overflows when copying to destination [MS-banned]
(CWE-120). Consider using snprintf, strcpy_s, or strlcpy (warning: strncpy
easily misused). Risk is low because the source is a constant character.
strcpy(p2_name, "*");
data/gtkpool-0.5.0/gtkpool/main.cpp:575:6: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
if(!strlen(gtk_entry_get_text(GTK_ENTRY(app->connect_dialog->host_entry))))
data/gtkpool-0.5.0/gtkpool/main.cpp:579:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(!strlen(gtk_entry_get_text(GTK_ENTRY(app->connect_dialog->port_entry))))
data/gtkpool-0.5.0/gtkpool/main.cpp:583:11: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
else if(!strlen(gtk_entry_get_text(GTK_ENTRY(app->connect_dialog->handle_entry))))
data/gtkpool-0.5.0/gtkpool/sound.cpp:76:11: [1] (buffer) read:
Check buffer boundaries if used in a loop including recursive loops
(CWE-120, CWE-20).
*count = read(fd, buffer, *count);
data/gtkpool-0.5.0/gtkpool/support.cpp:150:38: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
full_filename = (gchar*) g_malloc (strlen (directory) + 1
data/gtkpool-0.5.0/gtkpool/support.cpp:151:40: [1] (buffer) strlen:
Does not handle strings that are not \0-terminated; if given one it may
perform an over-read (it could cause a crash if unprotected) (CWE-126).
+ strlen (filename) + 1);
ANALYSIS SUMMARY:
Hits = 51
Lines analyzed = 4122 in approximately 0.18 seconds (23216 lines/second)
Physical Source Lines of Code (SLOC) = 2805
Hits@level = [0] 0 [1] 14 [2] 27 [3] 0 [4] 10 [5] 0
Hits@level+ = [0+] 51 [1+] 51 [2+] 37 [3+] 10 [4+] 10 [5+] 0
Hits/KSLOC@level+ = [0+] 18.1818 [1+] 18.1818 [2+] 13.1907 [3+] 3.56506 [4+] 3.56506 [5+] 0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO'
(https://dwheeler.com/secure-programs) for more information.