Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler.
Number of rules (primarily dangerous function names) in C/C++ ruleset: 223
Examining data/icebreaker-1.21/cursor.c
Examining data/icebreaker-1.21/cursor.h
Examining data/icebreaker-1.21/dialog.c
Examining data/icebreaker-1.21/dialog.h
Examining data/icebreaker-1.21/fullscreen.c
Examining data/icebreaker-1.21/fullscreen.h
Examining data/icebreaker-1.21/globals.h
Examining data/icebreaker-1.21/grid.c
Examining data/icebreaker-1.21/grid.h
Examining data/icebreaker-1.21/hiscore.h
Examining data/icebreaker-1.21/icebreaker.c
Examining data/icebreaker-1.21/icebreaker.h
Examining data/icebreaker-1.21/intro.c
Examining data/icebreaker-1.21/intro.h
Examining data/icebreaker-1.21/laundry.c
Examining data/icebreaker-1.21/laundry.h
Examining data/icebreaker-1.21/level.c
Examining data/icebreaker-1.21/level.h
Examining data/icebreaker-1.21/line.c
Examining data/icebreaker-1.21/line.h
Examining data/icebreaker-1.21/options.h
Examining data/icebreaker-1.21/penguin.c
Examining data/icebreaker-1.21/penguin.h
Examining data/icebreaker-1.21/sound.c
Examining data/icebreaker-1.21/sound.h
Examining data/icebreaker-1.21/status.c
Examining data/icebreaker-1.21/status.h
Examining data/icebreaker-1.21/text.c
Examining data/icebreaker-1.21/text.h
Examining data/icebreaker-1.21/transition.c
Examining data/icebreaker-1.21/transition.h
Examining data/icebreaker-1.21/win32_compatibility.c
Examining data/icebreaker-1.21/win32_compatibility.h
Examining data/icebreaker-1.21/hiscore.c
Examining data/icebreaker-1.21/options.c

FINAL RESULTS:

data/icebreaker-1.21/options.c:67:3:  [4] (format) fprintf:
  If format strings can be influenced by an attacker, they can be exploited (CWE-134). Use a constant for the format specification.
  fprintf(stderr, OPTIONFILE " doesn't exist.\nWelcome to IceBreaker.\n");

data/icebreaker-1.21/win32_compatibility.h:39:9:  [4] (format) snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/icebreaker-1.21/win32_compatibility.h:39:18:  [4] (format) _snprintf:
  If format strings can be influenced by an attacker, they can be exploited, and note that sprintf variations do not always \0-terminate (CWE-134). Use a constant for the format specification.
  #define snprintf _snprintf

data/icebreaker-1.21/icebreaker.c:74:2:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  srandom(time(NULL));

data/icebreaker-1.21/intro.c:61:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c = (random() % 32)+224;

data/icebreaker-1.21/intro.c:435:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  x=LXPOS(random() % 32);

data/icebreaker-1.21/intro.c:436:13:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  y=LYPOS(random() % 20);

data/icebreaker-1.21/intro.c:437:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  if (random()%2)

data/icebreaker-1.21/level.c:67:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  c = (random() % 32)+224;

data/icebreaker-1.21/penguin.c:33:39:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return(createpenguinxy(BORDERLEFT + (random() % (PLAYWIDTH-BLOCKWIDTH)),BORDERTOP + (random() % (PLAYHEIGHT-BLOCKWIDTH))));

data/icebreaker-1.21/penguin.c:33:87:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  return(createpenguinxy(BORDERLEFT + (random() % (PLAYWIDTH-BLOCKWIDTH)),BORDERTOP + (random() % (PLAYHEIGHT-BLOCKWIDTH))));

data/icebreaker-1.21/penguin.c:59:10:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  switch (random() % 4)

data/icebreaker-1.21/win32_compatibility.h:45:9:  [3] (random) srandom:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define srandom(A) srand(A)

data/icebreaker-1.21/win32_compatibility.h:45:20:  [3] (random) srand:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define srandom(A) srand(A)

data/icebreaker-1.21/win32_compatibility.h:46:9:  [3] (random) random:
  This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values.
  #define random() rand()

data/icebreaker-1.21/dialog.c:255:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * mainmenu[MAINMENULENGTH] = { "NEW GAME", "OPTIONS", "HIGH SCORES", "HELP","QUIT" };

data/icebreaker-1.21/dialog.c:343:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * optionsmenu[OPTIONSMENULENGTH] = { "SOUND", "AUTO PAUSE", "FULL SCREEN", "DIFFICULTY" };

data/icebreaker-1.21/dialog.c:346:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char * optionsmenu[OPTIONSMENULENGTH] = { "SOUND", "AUTO PAUSE", "DIFFICULTY" };

data/icebreaker-1.21/dialog.c:524:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[30]; // plenty big. :)

data/icebreaker-1.21/dialog.c:577:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char buf[80];

data/icebreaker-1.21/dialog.c:579:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char helptext[13][50]={

data/icebreaker-1.21/dialog.c:677:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char menuvalues[MAXMENUITEMS][MAXMENUVALUELENGTH];

data/icebreaker-1.21/globals.h:25:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char grid[WIDTH][HEIGHT];

data/icebreaker-1.21/globals.h:27:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char username[50];

data/icebreaker-1.21/globals.h:28:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char homedir[255];

data/icebreaker-1.21/grid.c:30:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char maskgrid[WIDTH][HEIGHT];

data/icebreaker-1.21/grid.c:127:2:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data.
  memcpy(maskgrid,grid,WIDTH*HEIGHT);

data/icebreaker-1.21/hiscore.c:30:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char hiscorename[HISCORENUM][50];

data/icebreaker-1.21/hiscore.c:33:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char temphiscorename[HISCORENUM+1][50]; //used for sorting

data/icebreaker-1.21/hiscore.c:41:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[50];

data/icebreaker-1.21/hiscore.c:59:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hiscorefile=fopen(HISCOREPREFIX "/" HISCOREFILE,"r");

data/icebreaker-1.21/hiscore.c:138:14:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  hiscorefile=fopen(HISCOREPREFIX "/" HISCOREFILE,"w");

data/icebreaker-1.21/hiscore.h:29:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  extern char hiscorename[HISCORENUM][50];

data/icebreaker-1.21/icebreaker.c:55:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char grid[WIDTH][HEIGHT];

data/icebreaker-1.21/icebreaker.c:57:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char username[50]; // FIX -- move this into the options struct?

data/icebreaker-1.21/icebreaker.c:58:1:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char homedir[255];

data/icebreaker-1.21/icebreaker.c:154:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char windowtitle[35];

data/icebreaker-1.21/intro.c:114:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scoretext[40];

data/icebreaker-1.21/options.c:51:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char linebuf[50];

data/icebreaker-1.21/options.c:52:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255];

data/icebreaker-1.21/options.c:53:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char optbuf[21];

data/icebreaker-1.21/options.c:54:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char valbuf[11];

data/icebreaker-1.21/options.c:64:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  optionfile=fopen(filename,"r");

data/icebreaker-1.21/options.c:127:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char filename[255];

data/icebreaker-1.21/options.c:134:13:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362).
  optionfile=fopen(filename,"w");

data/icebreaker-1.21/options.h:38:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char theme[MAXTHEMELENGTH];

data/icebreaker-1.21/status.c:37:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmptext[30]; // should be plenty big.

data/icebreaker-1.21/status.c:58:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmptext[30]; // should be plenty big.

data/icebreaker-1.21/status.c:80:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmptext[30]; // should be plenty big.

data/icebreaker-1.21/status.c:101:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char tmptext[40]; // should be plenty big.

data/icebreaker-1.21/text.c:28:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  static char * letterdata[6];

data/icebreaker-1.21/transition.c:43:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char scoretext[30];

data/icebreaker-1.21/transition.c:44:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char bonustext[30];

data/icebreaker-1.21/transition.c:146:2:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length.
  char finaltext[30];

data/icebreaker-1.21/dialog.c:369:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val)==0)

data/icebreaker-1.21/dialog.c:374:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"on",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:376:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"off",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:380:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"n/a",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:390:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"off",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:395:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"on",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:403:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val)==0)

data/icebreaker-1.21/dialog.c:406:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"on",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:408:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"off",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:416:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"off",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:421:4:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"on",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:429:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val)==0)

data/icebreaker-1.21/dialog.c:434:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"off",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:437:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"on",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:440:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"always",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:451:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"on",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:456:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"always",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:460:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"off",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:471:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val)==0)

data/icebreaker-1.21/dialog.c:476:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"normal",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:479:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"easy",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:482:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"hard",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:493:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"easy",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:497:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"hard",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:501:5:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"normal",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:510:6:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  if (strlen(val)==0)

data/icebreaker-1.21/dialog.c:511:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(val,"linux",MAXMENUVALUELENGTH);

data/icebreaker-1.21/dialog.c:705:3:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant character.
  strncpy(menuvalues[i],"",MAXMENUVALUELENGTH);

data/icebreaker-1.21/hiscore.c:72:5:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  sscanf(linebuf,"%12s %30ld",temphiscorename[i],&temphiscoreval[i]);

data/icebreaker-1.21/icebreaker.c:82:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(username,userinfo->pw_name,50); // not like it's gonna be fifty characters. but y'know.

data/icebreaker-1.21/icebreaker.c:83:2:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120).
  strncpy(homedir,userinfo->pw_dir,255);

data/icebreaker-1.21/options.c:44:9:  [1] (buffer) strncpy:
  Easily used incorrectly; doesn't always \0-terminate or check for invalid pointers [MS-banned] (CWE-120). Risk is low because the source is a constant string.
  strncpy(options.theme,"linux",MAXTHEMELENGTH);

data/icebreaker-1.21/options.c:79:7:  [1] (buffer) sscanf:
  It's unclear if the %s limit in the format string is small enough (CWE-120). Check that the limit is sufficiently small, or use a different input function.
  if (sscanf(linebuf,"%20s %10s",optbuf,valbuf)==2)

data/icebreaker-1.21/text.c:65:14:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126).
  for (l=0; l<strlen(text); l++)

ANALYSIS SUMMARY:

Hits = 88
Lines analyzed = 5032 in approximately 0.20 seconds (25336 lines/second)
Physical Source Lines of Code (SLOC) = 3227
Hits@level = [0]  72 [1]  34 [2]  39 [3]  12 [4]   3 [5]   0
Hits@level+ = [0+] 160 [1+]  88 [2+]  54 [3+]  15 [4+]   3 [5+]   0
Hits/KSLOC@level+ = [0+] 49.5817 [1+] 27.2699 [2+] 16.7338 [3+] 4.64828 [4+] 0.929656 [5+]   0
Dot directories skipped = 1 (--followdotdir overrides)
Minimum risk level = 1
Not every hit is necessarily a security vulnerability.
There may be other security vulnerabilities; review your code!
See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.