Flawfinder version 2.0.10, (C) 2001-2019 David A. Wheeler. Number of rules (primarily dangerous function names) in C/C++ ruleset: 223 Examining data/kfourinline-20.04.3/src/kgamedialogconfig.h Examining data/kfourinline-20.04.3/src/kgameprocess.h Examining data/kfourinline-20.04.3/src/kwin4global.h Examining data/kfourinline-20.04.3/src/kwin4.cpp Examining data/kfourinline-20.04.3/src/kfontutils.h Examining data/kfourinline-20.04.3/src/piecesprite.cpp Examining data/kfourinline-20.04.3/src/buttonsprite.h Examining data/kfourinline-20.04.3/src/displayintro.cpp Examining data/kfourinline-20.04.3/src/thememanager.cpp Examining data/kfourinline-20.04.3/src/kwin4view.h Examining data/kfourinline-20.04.3/src/kwin4player.cpp Examining data/kfourinline-20.04.3/src/kgameconnectdialog.h Examining data/kfourinline-20.04.3/src/kgamedebugdialog.cpp Examining data/kfourinline-20.04.3/src/kwin4proc.h Examining data/kfourinline-20.04.3/src/introsprite.h Examining data/kfourinline-20.04.3/src/kgamedialog.h Examining data/kfourinline-20.04.3/src/displayintro.h Examining data/kfourinline-20.04.3/src/kwin4doc.h Examining data/kfourinline-20.04.3/src/kgamepropertyarray.h Examining data/kfourinline-20.04.3/src/buttonsprite.cpp Examining data/kfourinline-20.04.3/src/spritenotify.h Examining data/kfourinline-20.04.3/src/kchatdialog.h Examining data/kfourinline-20.04.3/src/kgamedialog.cpp Examining data/kfourinline-20.04.3/src/pixmapsprite.h Examining data/kfourinline-20.04.3/src/kgameprocess.cpp Examining data/kfourinline-20.04.3/src/kgameconnectdialog.cpp Examining data/kfourinline-20.04.3/src/chatdlg.h Examining data/kfourinline-20.04.3/src/kgamedialogconfig.cpp Examining data/kfourinline-20.04.3/src/thememanager.h Examining data/kfourinline-20.04.3/src/piecesprite.h Examining data/kfourinline-20.04.3/src/kwin4doc.cpp Examining data/kfourinline-20.04.3/src/displaygame.h Examining data/kfourinline-20.04.3/src/kgamedebugdialog.h Examining data/kfourinline-20.04.3/src/pixmapsprite.cpp Examining data/kfourinline-20.04.3/src/scoresprite.h Examining data/kfourinline-20.04.3/src/aiboard.h Examining data/kfourinline-20.04.3/src/aiboard.cpp Examining data/kfourinline-20.04.3/src/score.cpp Examining data/kfourinline-20.04.3/src/main.cpp Examining data/kfourinline-20.04.3/src/scoresprite.cpp Examining data/kfourinline-20.04.3/src/reflectiongraphicsscene.cpp Examining data/kfourinline-20.04.3/src/kwin4proc.cpp Examining data/kfourinline-20.04.3/src/spritenotify.cpp Examining data/kfourinline-20.04.3/src/kchatdialog.cpp Examining data/kfourinline-20.04.3/src/kwin4.h Examining data/kfourinline-20.04.3/src/reflectiongraphicsscene.h Examining data/kfourinline-20.04.3/src/introsprite.cpp Examining data/kfourinline-20.04.3/src/kwin4player.h Examining data/kfourinline-20.04.3/src/chatdlg.cpp Examining data/kfourinline-20.04.3/src/kfontutils.cpp Examining data/kfourinline-20.04.3/src/displaygame.cpp Examining data/kfourinline-20.04.3/src/score.h Examining data/kfourinline-20.04.3/src/kwin4view.cpp FINAL RESULTS: data/kfourinline-20.04.3/src/kgameprocess.cpp:139:32: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. KRandomSequence* KGameProcess::random() data/kfourinline-20.04.3/src/kgameprocess.h:175:22: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. KRandomSequence *random(); data/kfourinline-20.04.3/src/kwin4proc.cpp:587:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long yellow_value = random(EVAL_RANDOM); data/kfourinline-20.04.3/src/kwin4proc.cpp:588:23: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long red_value = random(EVAL_RANDOM); data/kfourinline-20.04.3/src/kwin4proc.cpp:680:17: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long KComputer::random(long max) data/kfourinline-20.04.3/src/kwin4proc.cpp:683:15: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. return proc.random()->getLong(max); data/kfourinline-20.04.3/src/kwin4proc.h:101:10: [3] (random) random: This function is not sufficiently random for security-related functions such as key and nonce creation (CWE-327). Use a more secure technique for acquiring random values. long random(long max); data/kfourinline-20.04.3/src/kgameprocess.cpp:51:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). d->rFile.open(stdin, QIODevice::ReadOnly|QIODevice::Unbuffered); data/kfourinline-20.04.3/src/kgameprocess.cpp:52:12: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). d->wFile.open(stdout, QIODevice::WriteOnly|QIODevice::Unbuffered); data/kfourinline-20.04.3/src/kgameprocess.cpp:170:3: [2] (buffer) memcpy: Does not check for buffer overflows when copying to destination (CWE-120). Make sure destination can always hold the source data. memcpy(tmpbuffer+2*sizeof(long),msg.data(),msg.size()); data/kfourinline-20.04.3/src/kwin4proc.cpp:148:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::ReadOnly )) data/kfourinline-20.04.3/src/kwin4proc.cpp:207:13: [2] (misc) open: Check when opening files - can an attacker redirect it (via symlinks), force the opening of special file type (e.g., device files), move things around to create a race condition, control its ancestors, or change its contents? (CWE-362). if (!file.open(QIODevice::WriteOnly )) data/kfourinline-20.04.3/src/kwin4proc.cpp:358:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char numberMatrix[SIZE_Y_ALL+1]; data/kfourinline-20.04.3/src/kwin4proc.cpp:466:3: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char locNumbers[SIZE_Y_ALL+1]; data/kfourinline-20.04.3/src/kwin4proc.h:171:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mRowLengths[38]; data/kfourinline-20.04.3/src/kwin4proc.h:173:5: [2] (buffer) char: Statically-sized arrays can be improperly restricted, leading to potential overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use functions that limit length, or ensure that the size is larger than the maximum possible length. char mStartOfRows[38]; data/kfourinline-20.04.3/src/kwin4proc.cpp:77:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i=0;i<strlen(s1);++i) data/kfourinline-20.04.3/src/kwin4proc.cpp:79:14: [1] (buffer) strlen: Does not handle strings that are not \0-terminated; if given one it may perform an over-read (it could cause a crash if unprotected) (CWE-126). for (i=0;i<strlen(s2);++i) ANALYSIS SUMMARY: Hits = 18 Lines analyzed = 13644 in approximately 0.44 seconds (30999 lines/second) Physical Source Lines of Code (SLOC) = 7327 Hits@level = [0] 40 [1] 2 [2] 9 [3] 7 [4] 0 [5] 0 Hits@level+ = [0+] 58 [1+] 18 [2+] 16 [3+] 7 [4+] 0 [5+] 0 Hits/KSLOC@level+ = [0+] 7.91593 [1+] 2.45667 [2+] 2.1837 [3+] 0.955371 [4+] 0 [5+] 0 Dot directories skipped = 1 (--followdotdir overrides) Minimum risk level = 1 Not every hit is necessarily a security vulnerability. There may be other security vulnerabilities; review your code! See 'Secure Programming HOWTO' (https://dwheeler.com/secure-programs) for more information.